Are Smart Speakers HIPAA Compliant?

Smart speakers are now woven into the technological fabric of Wi-Fi connected society, including the healthcare sector. Experts predict that by next year, for example, half of all digital searches will be conducted via voice technology. Research also confirms that more than 60 percent of pediatricians in the United States use voice-assistant technology. At least 33 percent of them use voice assistants connected to smart speakers.

But what about HIPAA compliance? For the time being, no consumer voice assistants are compliant, and neither are services once they tie into the shared digital cloud. Despite those shortcomings, however, smart speakers are already being utilized within the healthcare community in ways that are fully HIPAA compliant. That’s because while the devices themselves may not comply, those who use them restrict the use to HIPAA-compliant tasks.

Boston Children’s Hospital Pilot Programs

Since 2016, for instance, Boston Hospital’s Innovation in Digital Health Accelerator (IDHA) project has been working on voice technology pilot programs. They’re using smart speaker technologies for more efficient pre-op validation and to complete checklist tasks for organ transplants. Users report that these digital voice assistants reduce human error while speeding up the process. In the ICU, smart speakers help maintain a more sterile hands-free environment as nurses verbally ask devices to complete requests for information. Instead of leafing through paper documents that may be in another part of the hospital, physicians can use voice commands to immediately access such things as emergency protocols. By saving precious time, the technology can potentially save human lives.

Legal Obstacles to Compliance

Amazon recently hired HIPAA compliance experts, but designing a compliant smart speaker is a major challenge. For one thing, the device would have to be used in a HIPAA-compliant environment. Otherwise, unauthorized users could access it in violation of HIPAA. Devices like Alexa and Echo also function as passive listening technologies, waiting for a command. But that listening is not discreet. When the devices are on, they are in a kind of eavesdropping mode. Plus, according to the National Law Review, HIPAA is not the only regulatory challenge. State laws regarding smart speakers may be even more restrictive when it comes to the issue of privacy.

The Bottom Line

Smart speakers are definitely helping providers and their patients in practical, measurable ways. But the assistance is essentially limited to data that cannot be tied to individuals who are protected by privacy laws like HIPAA. Just as telehealth and various AR technologies can support healthcare, so can smart speakers. They can make it easier to order medicines or to access information about diseases. They may provide helpful answers for people experiencing illness symptoms or seeking general health guidance. Alexa’s smart speakers, for example, support the KidsMD resource. It enables home caregivers (such as parents) to access a wealth of medical knowledge and guidance from Boston Children’s Hospital.

In the future, smart speakers may provide a convenient way for patients to fill out questionnaires prior to a doctor’s appointment. Or healthcare providers may be able to use the technology to support home care with education and engagement. But at least for now, smart speakers are not HIPAA compliant – and compliance remains an extremely elusive goal.