'Alexa, Are You HIPAA Compliant?'Boston Children's Hospital Tests Use of Voice Command Applications, Addresses Security
Boston Children's Hospital is pioneering the use of Amazon's Alexa voice assist technology in the healthcare sector. John Brownstein, the hospital's chief innovation officer, discusses the security measures involved.
Amazon recently announced that as part of a pilot program, its skills kit - or application programming interfaces and other development tools - can enable HIPAA covered entities and business associates to build so-called "HIPAA eligible" healthcare applications. These will enable Alexa technology to transmit and receive protected health information.
Boston Children's is experimenting with a "HIPAA compliant" voice application - or what Amazon calls Alexa "skills" - designed to help parents and caregivers of children who have recently undergone heart surgery, Brownstein explains in an interview with Information Security Media Group.
The HIPAA Details
As part of its HIPAA compliance effort, the hospital has signed a business associate agreement with Amazon, he explains.
"What this means essentially is that they [Amazon] are maintaining HIPAA compliance in these use cases," he says. "There are specific types of compliance that Amazon is adhering to in the protection of patient data. Now we can maintain a connection with the remote patient to push information into the patient record."
Amazon's cloud infrastructure maintains the patient data in a secure Alexa environment, Brownstein says. Also, Amazon and Children's Hospital have taken steps to help ensure that patients and caregivers connect with the correct patient record.
"We use a voice PIN and certain protections to make sure that we're working with the right patient or parent or guardian," he says.
How Alexa Is Used
The Alexa application enables parents and caregivers to provide updates about a child's progress - including pain levels - after the patient has been released from the hospital and is recovering at home.
Using the voice-command device enables healthcare providers to "stay tuned to any deviation in the prime recovery progress ... and intervene as needed," he says.
The voice-generated information "becomes a huge channel of data collection that care teams can essentially receive in real time," Brownstein explains. "Virtual care is extending the reach of the hospital and improving our ability to maintain a connection with patients."
In the interview (see audio link below photo), Brownstein also discusses:
- Steps for keeping Alexa-generated patient information private and secure;
- The privacy implications related to recent reports of Amazon engineers allegedly listening to consumers' Alexa voice command recordings in the effort to improve the performance of the product;
- Potential next steps for Boston Children's Hospital's use of voice command technologies.
Brownstein, who was trained as an epidemiologist at Yale University, is chief innovation officer at Boston Children's Hospital. His research interests include the design, evaluation and implementation of public health surveillance systems; and statistical modeling of public health surveillance data to improve prevention and control activities. He is also a professor at Harvard Medical School.