We sometimes get asked by customers and prospects about Amazon Alexa and their ability to use it in a HIPAA compliant manner.
We know the HIPAA industry is vast so we can empathize with just how many people need to use cloud services in this sector.
In previous posts, we’ve covered the following cloud solutions and their capabilities for HIPAA compliance:
- Amazon CloudFront
- Apple iCloud
- Apple iMessage
- Citrix ShareFile
- Constant Contact
- Google Calendar
- Google Docs
- Google Drive
- Google Forms
- Google Hangouts
- Google Hangouts Chat
- Google Slides
- Google Voice
- Microsoft Teams
- Office 365
- Return Path
- Uber Health
Today, we will determine if Amazon Alexa offers HIPAA compliant service or not.
SEE ALSO: HIPAA Breaches and Cloud Providers
Alexa is Amazon’s cloud-based voice service and is currently available on millions of devices.
Alexa is capable of voice interaction, music playback, making to-do lists, setting alarms, streaming podcasts, playing audiobooks, providing weather, traffic, sports, and real-time news.
Amazon Alexa and the Business Associate Agreement
We’ve previously talked about how a Business Associate Agreement is a written contract between a Covered Entity and a Business Associate. It is required by law for HIPAA compliance.
We checked Amazon’s site and found a lot of useful information on their HIPAA Compliance page.
In particular, they include the following information:
What services can I use in my AWS account if I have a Business Associate Addendum with AWS?
Customers may use any AWS service in an account designated as a HIPAA account, but they should only process, store, and transmit protected health information (PHI) in the HIPAA-eligible services defined in the Business Associate Addendum (BAA). For the latest list of HIPAA-eligible AWS services, see the HIPAA Eligible Services Reference webpage.
If we inspect the HIPAA Eligible Services Reference page, we see that Alexa is not offered under the AWS BAA.
Does Amazon Alexa Offer HIPAA Compliant Service?
The Business Associate Agreement is a key component to HIPAA compliance between a covered entity and a business associate.
With some directed research, we were able determine that Alexa is not covered under the Amazon BAA and is therefore not HIPAA compliant.
Conclusion: Amazon Alexa is not HIPAA compliant.