Print Friendly  |  
  • LinkedIn
  • Add to Favorites

 HIPAA Remains a Concern With Rise of Voice Assistants Like Alexa

A health information technology expert in the long term and post-acute care (LT/PAC) space says the news that Amazon’s Alexa Skills Kit now enables health care entities subject to Health Insurance Portability and Accountability Act (HIPAA) rules to transmit and receive protected health information should be approached with caution by providers.

Amazon recently said the Skills Kit, which is a part of the Alexa voice-based assistant product group and the brains behind slews of products in its Echo family, is now operating in the HIPAA-eligible environment as companies like Express Scripts (pharmacy benefit manager) and health insurer Cigna use Alexa for new tasks.

“Every day developers are inventing with voice to build helpful and convenient experiences for their customers,” Amazon said in a blog post. “These new skills are designed to help customers manage a variety of health care needs at home simply using voice, whether it’s booking a medical appointment, accessing hospital post-discharge instructions, checking on the status of a prescription delivery, and more.”

An example of how six health care companies are using Alexa is Express Scripts, which will now allow members to check the status of a home delivery prescription and request Alexa notifications when their prescription orders are shipped.
My Children’s Enhanced Recovery After Surgery (ERAS) will allow  caregivers and parents of children in the ERAS program at Boston Children’s Hospital to provide their care teams updates on recovery progress and receive information regarding their post-op appointments.

And, Livongo, a consumer digital health company that creates new and different experiences for people with chronic conditions, said members can query their last blood sugar reading, blood sugar measurement trends, and receive insights and Health Nudges that are personalized to them via Alexa.
Steven Chies, lead consultant, Care Paradigms, and president, North Cities Health Care, says what all of this means for LT/PAC providers interested in Alexa as a possible tool for facility-based, or home-based, use is to be careful and to remain aware of all privacy and security issues when it comes to a resident’s personal and protected health information.
“HIPAA has been around for a long time, but parts of it have been upgraded to deal with electronic health records [EHRs],” he says, citing EHRs as an example of how HIPAA rules apply to new technology.

From the provider standpoint, Chies says the operator must know where HIPAA-protected information is being sent and have trusted partners to know whether that provider (referring hospital, physician’s office) has the authorization to use the information.
“Originally, HIPAA did not contemplate all of this type of transfer of data, but subsequent rules and regulations have reinforced the rules,” he says. This has become a high priority of late, Chies adds, pointing to the scores of data breaches in the U.S. health care sector in recent times as an example of how protecting personal data is a top priority.

With Amazon’s Alexa or similar products from other tech leaders like Google, the key question with the voice assistants is what information is being stored in the device and if it is privileged health care data, making it bound by HIPAA. If it is general information on the product or about ordering and buying items, then likely there are no issues, he says.

“There is a quagmire of what information has to be protected,” Chies says. “Clearly, if the provider is a skilled nursing facility, then the information is bound by HIPAA and you must keep the information private and confidential.”

And, the big tech firms are not only in the business of voice assistants, but have been working on projects to store health information, meaning providers need to be aware that what is being housed is protected under the requirements of the HIPAA law.

“The bigger issue is a breach. The penalties have not been astronomical, but will be going forward, and that comes on top of the loss of reputation, loss of data, and potential for civil and criminal penalties” for those companies experiencing a breach, Chies says. “The [HIPAA] law and teeth behind it are very substantial.”

Facebook.png   Twitter   Linked-In   ProviderTV   Subscribe

Sign In