Apparently, that answer is yes. According to Amazon, its virtual personal assistant, Alexa, can now transfer and handle protected health information (“PHI”) in accordance with HIPAA.  Amazon expects Alexa to handle various healthcare related tasks, including scheduling urgent care appointments, checking health insurance benefits and reading blood-sugar tests, among others.  To create these new services, Amazon collaborated with various companies, including Cigna and major hospitals.  When it comes to privacy, Amazon and its partners embedded various privacy barriers into the new services, including voice codes or requiring a user to login with passwords for existing health-care specific accounts.

As technology and health care continue to become more intertwined, I would not be surprised if Apple and Google follow Amazon’s lead, rolling out similar products for Siri and Google Home.  Additionally, the types of health care services offered through these virtual personal assistants as well as our smart phones will likely only grow in breadth.  It no longer seems far-fetched that you may communicate and transmit data to your health care provider or pharmacy by talking into a speaker in the comfort of your home.  The question becomes what happens to all the information that you are saying aloud?  This will be service-dependent, but it is clear that Amazon, among other tech companies, will now be maintaining your electronic PHI.

This represents a seismic shift from the information maintained by your everyday fitness tracker and comes with an entire new set of compliance responsibilities.  Thus, while HIPAA is both scalable, depending on the scope of the covered entity, and flexible to adapt to new technologies, these tech companies may soon realize that HIPAA has real compliance costs as well.  In today’s age of big data breaches, even a minor slip-up, for example leaking usernames of a specific health care service through the tech provider’s platform, could ultimately prove to be very costly.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Daniel J. Kagan Daniel J. Kagan

Dan Kagan is an Associate in the Health Care, Long Term Care and Privacy and Cybersecurity Groups. He represents hospitals, physicians, nursing homes, assisted living communities, CCRCs and other health care clients with a wide range of regulatory, compliance, risk management, transactional and…

Dan Kagan is an Associate in the Health Care, Long Term Care and Privacy and Cybersecurity Groups. He represents hospitals, physicians, nursing homes, assisted living communities, CCRCs and other health care clients with a wide range of regulatory, compliance, risk management, transactional and reimbursement issues.

With regard to Privacy and Cybersecurity, Dan has experience drafting privacy policies and notices, website terms of use, written information security plans and incident response plans.  Dan counsels clients on compliance issues related to state, federal and international privacy laws including the General Data Protection Regulation (GDPR).  Dan also has experience representing both health care and non-health care clients that have suffered data breaches and assists such clients with breach response and applicable reporting obligations.  Dan writes extensively on privacy and cybersecurity issues and is a co-editor of Murtha’s Privacy and Cybersecurity Perspectives blog.

As a member of the Health Care and Long Term Care groups, Dan has experience representing clients with HIPAA compliance, Stark and anti-kickback analyses, purchase and sale transactions, reviewing and drafting contracts, certificate of need requirements, rate appeals, Medicare and Medicaid audits, medical staff and credentialing matters, licensing and change of ownership proceedings.

Prior to joining Murtha Cullina, Dan clerked for the Honorable Lubbie Harper, Jr. and the Honorable Joseph H. Pellegrino of the Connecticut Appellate Court.

Dan received his J.D. with honors from the University of Connecticut School of Law where he was a Notes and Comments Editor for the Connecticut Insurance Law Journal. He earned his Bachelor of Arts in Economics from McGill University.