This policy is listed for reference only and should be reviewed with your lawyer before implementing them into daily practice. We are not lawyers and are not providing any legal advice. View our legal disclaimer.

Use Of Voice Assistants

Reference: 45 C.F.R. §160.508(c)(1)
Last Updated: July 5, 2023


This policy has been created with the intent to protect patient health information and proprietary data from unauthorized releases.


  • Recordings. Refers to photography, video and or audio recordings.
  • Virtual assistants. Passive listening and recording devices such as Amazon’s Alexa, Facebook’s Portal, Google’s Nest Hub, and other devices such as smart speakers.
  • “Wake Word”. A word or words that you say in order to make an electronic device, or a feature on a device, ready to work.


According to several class actions lawsuits against Amazon’s virtual assistant Alexa, it has been found that these devices frequently capture conversations by accident without being triggered by the “wake word.”

While these devices are to work only after hearing the “wake-words”, research regarding this topic has discovered that more than 1,000 sequences of words may incorrectly trigger smart speakers, such as Alexa. Furthermore, it has been revealed that after a user speaks to an Alexa device, Amazon collects, captures, and stores voiceprints of the user, and transcriptions of the voiceprints, and it does not delete the voiceprint, or the transcription created by that request.

In summary, the current structure of most virtual assistants and smart speaker’s architecture doesn’t align with HIPAA restrictions, particularly in terms of access of personal health information (PHI).


Virtual assistants have the potential to violate patient privacy as well as State and Federal laws; hence, it is the intent of this policy to ensure that no information is divulged without the authorization or consent of its owners.


  1. No Virtual Assistants shall be allowed in the office or any patient area unless the same has been cleared by the IT Department and the HIPAA Security Officer.
  2. Violations of this policy shall result in disciplinary actions up to and including termination.
Simplify Your Compliance with
Software and Guided Coaching
Let your patients and clients know that you take HIPAA seriously with the HIPAA Seal of Compliance for your website, storefront, and marketing materials.

Get instant access to HIPAA Compliance News and Updates

You'll get your first checklist as soon as you sign up!

overlapping hands

Our Mission

To safeguard medical data by providing secure, reliable, and fully HIPAA-compliant hosting solutions, enabling healthcare professionals to focus on their primary mission of providing care.
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram