This policy is listed for reference only and should be reviewed with your lawyer before it is implemented in daily practice. We are not lawyers and are not providing any legal advice. View our legal disclaimer.

Use Of Voice Assistants

Reference: 45 C.F.R. §160.508(c)(1)
Last Updated: October 25, 2024

Purpose

This policy has been created with the intent to protect patient health information and proprietary data from unauthorized releases.

Definitions

  • Recordings. Refers to photography, video, and/or audio recordings.
  • Virtual assistants. Passive listening and recording devices such as Amazon’s Alexa, Facebook’s Portal, Google’s Nest Hub, and other devices such as smart speakers.
  • “Wake Word”. A word or words that you say in order to make an electronic device, or a feature on a device, ready to work.

Background

According to several class action lawsuits against Amazon’s virtual assistant Alexa, it has been found that these devices frequently capture conversations by accident without being triggered by the “wake word.”

While these devices are meant to work only after hearing the “wake word,” research on this topic has found that more than 1,000 sequences of words may incorrectly trigger smart speakers such as Alexa. Furthermore, it has been revealed that after a user speaks to an Alexa device, Amazon collects, captures, and stores voiceprints of the user and transcriptions of those voiceprints, and it does not delete the voiceprint or the transcription created by that request.

In summary, the current architecture of most virtual assistants and smart speakers doesn’t align with HIPAA restrictions, particularly in terms of access to personal health information (PHI).

Policy

Virtual assistants have the potential to violate patient privacy as well as State and Federal laws; hence, it is the intent of this policy to ensure that no information is divulged without the authorization or consent of its owners.

Procedures

  1. No Virtual Assistants shall be allowed in the office or any patient area unless the same has been cleared by the IT Department and the HIPAA Security Officer.
  2. Violations of this policy shall result in disciplinary actions up to and including termination.