Now HIPAA-Compatible, Amazon’s Alexa Opens Up to mHealth Uses

Alexa, please make my health records available RIGHT NOW! One of the best parts of this trial is my primary healthcare system is also participating.

Amazon has invited six healthcare providers to develop mHealth platform for Alexa, now that the company’s smart speaker is HIPAA-compliant.

Along with Boston Children’s and Livongo, others involved in the program are Cigna, Express Scripts, Providence St. Joseph Health’s Swedish Health Connect and Atrium Health.


Source: Now HIPAA-Compatible, Amazon’s Alexa Opens Up to mHealth Uses


Anthem to Pay Record $16M for HIPAA Violations Exposing 79M Records

Anthem to Pay Record $16M for HIPAA Violations Exposing 79M Records

One would think these companies would learn from other and past mistakes, but they don’t. And wonder why the healthcare business is so flawed. Anthem is not my BCBS provider, so it shouldn’t affect me personally, but if it were BCBS of North Carolina, I would be pissed.

via Anthem to Pay Record $16M for HIPAA Violations Exposing 79M Records

Making HIPAA and HITRUST compliance easier | Blog | Microsoft Azure


Azure Blog from Microsoft


Many healthcare organizations are starting to adopt artificial intelligence (AI) systems to gain deeper insight into operations, patient care, diagnostic imaging, cost savings and so on…

This blog used to cover HIPAA and related topics much more closely than is current, however, the intersection of cloud access and keeping medical data safe and legal is a topic virtually all healthtech developers must practice daily.

Source: Making HIPAA and HITRUST compliance easier

Oklahoma Government in Row Over Alleged HIPAA Violation

Oklahoma Government in Row Over Alleged HIPAA Violation


Thinkstock via


As I read this article while attempting to keep up with interesting HIPAA articles, I did some quick research on Wikipedia, Bing search engines, and the Federal agency that covers this topic. I couldn’t find any reference to caching and storage, which is central to attaining the truth on which political position is correct on the subject. Long story short, a planned maintenance Internet outage occurred; some staffers used their smartphones loaded with an app to access Personal Health Information; no agreement on the correctness of this action bordering on partisanship.

I believed that it is the job of journalists and editors to gather facts on the subject in question and present them in the article, or at least the updated version online after a printed story. Disclaimer, I did not go to journalism school at Auburn University.

Two branches of Oklahoma’s government are embroiled in a controversy over whether the Oklahoma Department of Veterans Affairs committed a HIPAA violation.

Source: Oklahoma Government in Row Over Alleged HIPAA Violation

HHS To Propose Changes to HIPAA Privacy Rule, 42 CFR Part 2

HHS To Propose Changes to HIPAA Privacy Rule, 42 CFR Part 2

The article goes into a bit of legislative gobblygook, but the point remains that some sharing of information to solve a crisis outweighs the negatives privacy connotations. Personally, I chose to give up major online privacy years ago; that ship has sailed with Facebook, Twitter, and like services that preceded it (remember GeoCities and Myspace anyone?)

via HHS To Propose Changes to HIPAA Privacy Rule, 42 CFR Part 2

How Does HIPAA Apply to Wearable Health Technology?

How Does HIPAA Apply to Wearable Health Technology?

I have posted information on this topic before here and here among other places on this blog. My rule of thumb is that if it touches your body and records information about it, it is subject to HIPAA regulations. Knowing that this does not fit the narrative presented by limited government advocates; that is where we are. Until Medicare and Medicaid are brought on board with coverage for wearables, this health benefit will remain a niche product and service.

For additional guidance on creating effective disclosures, check out the FTC’s .com Disclosures report. If you have a health app, don’t forget to consult the mobile health apps interactive tool, the FTC’s best practices guidance for mobile health app developers and the OCR developer portal. And when you’re telling consumers about how you share consumer health information, always remember the FTC Act as well as HIPAA (“Sharing Consumer Health Information?” 2016).

How do HIPAA security and privacy protections apply to wearable health technology and the health data it collects and stores?

Source: How Does HIPAA Apply to Wearable Health Technology? Continue reading

Cloud Security, HIPAA Compliance Deter Hospitals from Cloud

I have seen this in action with interactions with my region’s dominant medical network provider. On the date this blog post was made, I had an appointment with the Sleep Medicine service and found out that they could not remotely view my CPAP data due to older equipment not having cloud access built in despite an internal modem and SD Card recording mainly compliance data. Since the machine is doing what it’s supposed to do, there is no rush to upgrade.

Healthcare organizations are conservative in technology by nature, due to government regulations and best financial practices, among other reasons. The three biggest Cloud Service Providers, Amazon Web Services, Microsoft’s Azure, and Google Cloud are all HIPAA compliant, so that is not the reason for the reluctance. There are a significant number of organizations, 40% (Donovan, 2018), that have yet to act on a successful migration to the cloud, whether it is a full or hybrid version; I get that. The trend, despite political opposition, is to pursue a managed care and/or a single-payer system, such as Medicare, Medicaid, and Veterans Health. Their hands will be forced as the revenue per patient constricts while compliance expenses increase.

While Electronic Health Records placement in a cloud has a relatively low starting point, the integration into existing networks can be costly. However, 58 percent of our healthcare survey respondents stated that cloud is inexpensive to buy, but expensive and/or difficult to implement and integrate with other resources – highlighting an often-overlooked aspect of cloud costs that can be difficult to quantify (Anonymous, 2015). Connectivity to the cloud has a cost to it, and in rural areas, may not be available at the speed and reliability necessary for real-time access to information that is necessary to operate efficiently. The previous statement is a rationale for a hybrid cloud, which means local IT support replicated to the cloud increasing the cost, which gets passed on to the healthcare consumer.

The takeaway from this is “hang on, it is a bumpy ride”; well worth the effort to get to personal patient control of information and costs.

Cloud security, HIPAA compliance, and privacy are the three primary concerns for hospital CIOs who have considered using cloud-based applications.

Source: Cloud Security, HIPAA Compliance Deter Hospitals from Cloud

Continue reading