Amazon to build HIPAA compliance team for Alexa

Amazon is reportedly building a “health & wellness” team dedicated to making Amazon’s voice assistant technology, Alexa, more useful in healthcare capabilities. Areas include diabetes management, support for new mothers and infants, and aging care.

The most crucial challenge facing the team is the regulations set out by the Health Insurance Portability and Accountability Act (HIPAA). HIPAA addresses the security of healthcare information and mandates the establishment of national standards for electronic health care transactions, and national identifiers for providers, health insurance plans, patients, and employers. HIPAA also includes a data privacy rule that regulates the use and disclosure of protected health information (PHI) held by covered entities and protects individuals’ rights to understand and control how their health information is used. As of now, Alexa does not meet HIPAA’s requirements. However, Amazon Web Services (AWS) does support HIPAA compliance.

Achieving compliance with HIPAA

As the digital health field continues to expand with more and more organizations getting involved, compliance with HIPAA is becoming increasingly important. The HIPAA violation penalty structure is tiered according to the cause of the incident and the actions taken to remedy it. In cases of willful neglect, fines are much higher than incidents that covered entities and business associates would not have known about by exercising reasonable diligence. Civil penalties for HIPAA violations range from $100 to $50,000 per violation. Criminal penalties, on the other hand, range from fines of $50,000 and one year of imprisonment to fines of $250,000 and ten years of imprisonment.

ISO 27001 and HIPAA

Organizations with multiple compliance requirements (such as HIPAA, the Sarbanes-Oxley Act, the Payment Card Industry Data Security Standard (PCI DSS), the Gramm-Leach-Bliley Act (GLBA), and the EU General Data Protection Regulation (GDPR)) often seek registration to ISO 27001, the international standard for information security management systems (ISMSs). This standard can centralize and simplify disjointed compliance efforts, presenting a comprehensive and universally applicable approach to implementing and maintaining a best-practice ISMS. As such, organizations will often achieve compliance with a host of related legislative frameworks by simply conforming to ISO 27001. By virtue of its all-inclusive approach, ISO 27001 encapsulates HIPAA’s information security elements by providing an auditable ISMS designed to be continually improved.

Learn how to implement ISO 27001

IT Governance’s ISO27001 Certified ISMS Lead Implementer Training Course will guide you through the process of implementing an ISO 27001-conformant ISMS. You will gain an understanding of the activities needed to plan, implement, and maintain a best-practice ISMS.

Click here to book your place today >>

Leaders in ISO 27001