“Congratulations to Amazon. Their news about Alexa and HIPAA compliance is a solid step forward. They are joined by a full range of innovators seeking to leverage voice, chatbots and conversational AI to improve healthcare. We are truly in the midst of a digital revolution and I’m confident it will bring positive change to patients and clinicians.”
– Orbita CEO and Co-founder Bill Rogers
Amazon announced yesterday that a version of their virtual assistant technology, Alexa, is now HIPAA-eligible. This means it’s available for applications that are subject to the data privacy and security requirements of HIPAA. The new HIPAA-eligible version of Alexa, specifically the Alexa Skills Kit, is now available to a limited number of developers by invitation only.
Amazon has seen increasing interest in Alexa’s potential to serve as a virtual healthcare assistant. While devices like PCs, tablets, and smartphones have contributed to advances in healthcare, they’ve been problematic for some aspects of patient engagement – particularly among the elderly and others who physically cannot – or will not – use them.
The idea of a smart, always-available, hands-free, voice-powered virtual assistant that can answer questions, deliver medication reminders, facilitate communication with one’s doctor, provide health coaching, and more, has piqued the interest of the healthcare community. Amazon has responded.
HR Technology News: New Wrike Data Finds Workplace Flexibility Imperative to Employee Happiness
Until now, Alexa’s use in healthcare has been mostly limited to question answering services – voice apps, or “skills” in Alexa parlance, that answer general questions about health conditions, treatments, symptoms, etc. Amazon Echo users, for example, can access health benefit information from a skill like Answers by Cigna, or tap into one of many symptom checkers in the Alexa marketplace.
The big change is that Alexa can now be used in certain applications that collect and transmit protected healthcare information (PHI.) This opens a whole new world of voice applications beyond basic Q&A such as remote patient monitoring (see case study from Orbita partner Libertana,) population health, medication adherence and clinical trial optimization. Orbita has also teamed with Brigham & Women’s Hospital and pharmaceutical manufacturers to explore the use of voice-powered virtual assistants in these types of applications. It seemed inevitable that voice assistants like Alexa and smart speaker-equipped devices like the Amazon Echo would find their way into clinical applications. Amazon’s announcement confirms this.
Organizations must understand the full range of issues surrounding the what, why, and how of securing, voice-first healthcare applications. HIPAA is just the start. There is no formal certification process for HIPAA, and it applies only in the U.S. Also, many healthcare IT departments use other industry standards or have their own standards for data privacy and security. In their eyes, completely securing a voice application may go well beyond ensuring that a service provider will sign a HIPAA business associate agreement. Issues like user authentication, data privacy in shared spaces, network and device hacking, secure system integration (e.g. with an EHR), should all be addressed.
Healthcare will see continued deployment of consumer-facing skills that do not require HIPAA’s rigor, as well as a morphing of these customer service-centric offerings into more clinical use cases where HIPAA will be mandated. Consider a basic Q&A member benefit voice skill offered by a health plan. A much richer and more personalized experience can be created by adding PHI to the mix. The lines will blur in this regard and with regard to value-based care bringing new shared risk revenue models across the various sectors within healthcare.