In April 2019, Amazon announced that its Alexa Skills Kit now enables select covered entities and their business associates to share health information as part of an invitation-only program. It’s clear that as voice-controlled devices (VcDs) continue to advance, doors will open in the home-based care space—very exciting news for the industry.
Currently, six invited companies have been able to create skills and use the HIPPA-compliant software. This allows people who are clients of these six organizations to do things like book appointments, access discharge instructions, and check on prescriptions—with their defined relevant health data being stored and maintained by that organization.
However…this announcement DOES NOT MEAN that Alexa can be used unilaterally as HIPAA compliant.
Senior living organizations covered by HIPAA should continue to follow recommended guidance for non-HIPAA compliant VcDs. It’s important to note that vendors have created HIPAA-compliant management software allowing them to be implemented in senior living settings as well as other healthcare settings.
New Technology. New Considerations.
The National Law Review recommends that providers undergo a privacy and information-security review to ensure all state and federal legal and regulatory requirements are met prior to the implementation of new technology.
Consider Implementing These 4 Safeguards When Using VcDs in Senior Care Settings:
- Until Alexa becomes HIPAA compliant, any use of the device should be limited to non-identifiable health information
- Once Alexa is HIPAA compliant, providers will need to execute a Business Associate Agreement with Amazon or its related entities
- Providers should implement and revise their policies and procedures to ensure device use is compliant with HIPAA
- Providers should update their privacy notice to include the use of Alexa or other Alexa-enabled devices.
That this current list of “invite-only” companies is destined to expand, meaning exciting opportunities in this arena will expand as well—creating new capabilities for a wider audience. But there are risks for usage in skilled nursing, assisted living, independent living, and life plan community settings that lurk beneath the surface with regard to privacy, information security, and regulatory compliance. It is useful for an administrator to have a privacy and information-security consultant provide current suggested conforming procedures.