Skip to main content
MJH Life Sciences
  • Login
  • Register
  • Login
  • Register
Home
  • Topics
  • Health IT
  • Careers
  • Law/Malpractice
  • Compensation
  • Pearls
  • Staffing
  • Contribute to Site
MJH Life Sciences

SUBSCRIBE: eNewsletter

Is your smart assistant putting you at legal risk?

law, healthcare law, smart speaker, Alexa, AI, biometrics, Siri, physician
  • Rachel V. Rose, JD, MBA
July 26, 2019
  • Voice Recognition, Compliance, Health IT, Health Law & Policy, Law & Malpractice, Technology

HIPAA has been around since 1996, and the HITECH Act came into the fray in 2009. Hence, the requirement to maintain the confidentiality, availability and integrity of protected health information (PHI) is not new.

But now smart assistants (e.g., Google’s Assistant, Amazon’s Alexa and Apple’s Siri), which utilize voice recognition and artificial intelligence, add additional concerns.

Physicians and providers need to ascertain whether or not the smart assistant meets the Security Rule’s technical, administrative and physical safeguards. They need to make sure that the recorded audio and the privacy statements are not being shared with third parties. They must also ensure that the privacy statements meet the requirements of state, federal and international laws.

In April, Amazon announced the roll out of six new HIPAA compliant skills from Express Scripts, Cigna, Livongo, Atrium Health, Providence St. Joseph Health and Boston Children’s Hospital. However, whether or not smart assistants are HIPAA compliant appears to have mixed reactions. Physicians and other providers should be cautioned that the alleged HIPAA complaint that Alexa “can now be used by a select group of healthcare organizations to communicate PHI without violating the HIPAA Privacy Rule,” according to the HIPPA Journal.

Recently, Google learned that a state’s law may also create liability and that data transfers differ from the sharing or selling of the audio to a third party. In July, a class action was filed against Google for violations of the Illinois Biometric Information Privacy Act (IBIPA). In essence, the class of plaintiffs allege that Google violated the IBIPA by sharing audio that was recorded from their Google Assistant-enabled devices with third parties.

The July 15, 2019, pleading alleges that “[u]nfortunately, Google disregards these statutorily imposed obligations and fails to inform persons that a biometric identifier or biometric information is being collected or stored and fails to secure written releases executed by the subject or the subject’s legally authorized representative.” This statement alone raises a myriad of issues for providers to consider as part of their due diligence.

Here are six questions to ask yourself before utilizing any smart assistant:

  • What do the privacy statements say, and what is being agreed to?
  • Has a risk analysis been done, and are the Privacy Rule and Security Rule requirements being met?
  • Can the items that are recorded be subpoenaed in a legal proceeding? (The answer is yes.)
  • Has consent been given by the patient to be recorded?

As healthcare technology and legal landscape become increasingly complex, providers should take a deep breath and consider the basics. Conducting an annual risk analysis along with adequate due diligence on products and business associates/subcontractors can mitigate risk and enable a provider to make an informed decision while complying with a variety of laws.

Artificial intelligence has great potential in healthcare. When in doubt about its legality, explain the device to patients, how it is being utilized and get their consent.

 

Rachel V. Rose, JD, MBA, advises clients on compliance and transactions in healthcare, cybersecurity, corporate and securities law, while representing plaintiffs in False Claims Act and Dodd-Frank whistleblower cases. She also teaches bioethics at Baylor College of Medicine in Houston. Rachel can be reached through her website, www.rvrose.com.

Related Articles

Resource Topics rightRail

  • Resource Topics
  • Partner Content
  • Medical Billing & Collections
  • Coding
  • Patient Relations
  • EHR
  • Law & Malpractice
Why Patient-Centered RCM: 6 RCM Trends Affecting Medical Offices & Patients [eBook]
Across Generations: Millennials & Baby Boomers Advance Healthcare Communications
A buyer’s guide to alternative payment models
How adopting a virtual business office delivers new efficiencies to one medical group
Unpredictable pairings: A new approach to community health
Connect with Us
  • Column 1
    • Home
    • About Us
    • Contact Us
  • Column 2
    • Editorial Info
    • Editorial Board
  • Column 3
    • Advertising Info
    • Reprints
    • Advertising Terms
  • Column 4
    • Terms of Use
    • Privacy Policy
Modern Medicine Network
© UBM 2019, All rights reserved.
Reproduction in whole or in part is prohibited.

We've noticed that you're using an ad blocker

Our content is brought to you free of charge because of the support of our advertisers. To continue enjoying our content, please turn off your ad blocker.

It's off now Dismiss How do I disable my ad blocker?
❌

How to disable your ad blocker for our site:

Adblock / Adblock Plus
  • Click on the AdBlock / AdBlock Plus icon on the top right of your browser.
  • Click “Don’t run on pages on this domain.” OR “Enabled on this site.”
  • Close this help box and click "It's off now".
Firefox Tracking Prevention
  • If you are Private Browsing in Firefox, "Tracking Protection" may casue the adblock notice to show. It can be temporarily disabled by clicking the "shield" icon in the address bar.
  • Close this help box and click "It's off now".
Ghostery
  • Click the Ghostery icon on your browser.
  • In Ghostery versions < 6.0 click “Whitelist site.” in version 6.0 click “Trust site.”
  • Close this help box and click "It's off now".
uBlock / uBlock Origin
  • Click the uBlock / uBlock Origin icon on your browser.
  • Click the “power” button in the menu that appears to whitelist the current website
  • Close this help box and click "It's off now".