Hey Alexa, Can We Trust You with Our Health Information?

Alexa Healthcare Data Protection - Healthcare Consulting Firm - Canton & Company

No one was surprised when Amazon announced it had set up HIPAA compliance for its Alexa technology. Yeah, we figured it was only a matter of time. By clearing this gigantic regulatory hurdle, Alexa has been able to launch some nifty new consumer tools.

And we know the Smart Health Market is shaped by consumer demand for convenience and affordability — underpinned by technology — so Alexa’s HIPAA-compliant platform will fit right in. It’s more evidence demonstrating healthcare’s current tilt toward B2C capabilities.

Here are a few examples of what consumers can do right now with Alexa:

  • Check the status of a home-delivery prescription
  • Earn employee wellness incentives
  • Participate in a children’s hospital post-op program
  • Monitor trends in their HbA1c numbers
  • Find urgent care centers and schedule appointments

Of course, the health services are delivered through partners, such as Express Scripts and Boston Children’s, but Alexa is the platform that connects the consumer to all these organizations with a simple voice command. Just say, “Alexa, show me my blood glucose reading,” and the numbers appear.

With at-home health connections, providers gain the opportunity to improve outcomes, which can translate into some nice bonus cash. Meanwhile, consumers can engage in their health as part of their everyday routine.

Security remains top-of-mind

Now that Alexa can transmit personal health information securely, the sky’s the limit. No doubt an armload of new apps are on their way to a kitchen counter near you.

While the news about Alexa is exciting, we also believe the underlying need for privacy cannot be overstated. Just because Amazon worked out the HIPAA aspect doesn’t mean Alexa and her connected apps are watertight. HIPAA is a policy. Security is an everyday logistical challenge.

Consider this: 2018 was a record year for HIPAA enforcement. The Office for Civil Rights (OCR) settled 10 cases and secured one judgment, bringing in $28.7 million.

For example, last October, Anthem paid $16 million to OCR after a series of cyberattacks led to the single largest health data breach in U.S. history. Turns out cyber attackers had infiltrated Anthem’s IT system undetected through phishing emails sent to employees. Attackers stole personal information for almost 79 million individuals. (HHS)

Privacy and security are still top-of-mind issues, and clearly even the best of the best aren’t immune. Organizations that have invested millions in consumer data protection remain vulnerable.

Our Take: Every health organization must be vigilant with data protection and consumer privacy efforts, from the electronic firewall in the cloud server to basic employee training. The opportunity era in healthcare will allow for nothing less.