by Hoala Greevy Founder CEO of Paubox
Article filed in

Is Amazon Alexa HIPAA Compliant? [Updated for 2019]

by Hoala Greevy Founder CEO of Paubox

Is Alexa HIPAA Compliant? - Robert Ogus of Paubox

Last updated: 8 April 2019

We sometimes get asked by customers and prospects about Amazon Alexa and their ability to use it in a HIPAA compliant manner.

We know the HIPAA industry is vast so we can empathize with just how many people need to use cloud services in this sector.

In previous posts, we’ve covered the following cloud solutions and their capabilities for HIPAA compliance:

Today, we will determine if Amazon Alexa offers HIPAA compliant service or not.

SEE ALSO: HIPAA Breaches and Cloud Providers

Amazon Alexa

Alexa is Amazon’s cloud-based voice service and is currently available on millions of devices.

Alexa is capable of voice interaction, music playback, making to-do lists, setting alarms, streaming podcasts, playing audiobooks, providing weather, traffic, sports, and real-time news.

Amazon Alexa and the Business Associate Agreement

We’ve previously talked about how a Business Associate Agreement is a written contract between a Covered Entity and a Business Associate. It is required by law for HIPAA compliance.

We checked Amazon’s site and found a lot of useful information on their HIPAA Compliance page.

In particular, they include the following information:


What services can I use in my AWS account if I have a Business Associate Addendum with AWS?

Customers may use any AWS service in an account designated as a HIPAA account, but they should only process, store, and transmit protected health information (PHI) in the HIPAA-eligible services defined in the Business Associate Addendum (BAA). For the latest list of HIPAA-eligible AWS services, see the HIPAA Eligible Services Reference webpage.


If we inspect the HIPAA Eligible Services Reference page, we see that Alexa is still not offered under the AWS BAA.

Last week however, on 4 April 2019, Amazon announced an invite-only program allowing select developers to create and launch HIPAA-compliant healthcare skills for Alexa.

In other words, Amazon Alexa is providing its “HIPAA eligible environment” to voice app developers on an invite-only basis in the U.S., but says it expects to enable more developers to access this capability in the future.

Here are some of the organizations Amazon invited:

Does Amazon Alexa Offer HIPAA Compliant Service?

The Business Associate Agreement is a key component to HIPAA compliance between a covered entity and a business associate.

We were able determine that as of April 2019:

  • Alexa is still not listed under the Amazon HIPAA Eligible Services Reference page
  • Amazon has recently allowed a small, invite-only group of organizations to develop HIPAA-compliant healthcare skills for Alexa

Conclusion: Amazon Alexa is HIPAA compliant for a small group of invite-only healthcare organizations. For everyone else, it is still not HIPAA compliant.

Copy link
Powered by Social Snap