The internet was buzzing recently that Alexa was boasting being HIPAA Compliant. While there are some skills sets that are being tested in healthcare settings, this is not an open invitation to put Alexa everywhere in your office just yet.
As with all devices that connect to the internet, a proper security evaluation and HIPAA Due Diligence assessment must be done. Anyone who can create, receive, maintain or transmit Protected Health Information from your office must be considered a Business Associate.
Anyone that has access may also be considered a Business Associate unless you are able to limit their access in ways that don’t come into contact with patient information.
Both a Business Associate Agreement and a series of questions need to be asked of the vendor before implementing the technology in your practice. We have a free white paper that can help you with what questions to start asking: