Nov 14, 2017

Building healthcare applications with Alexa

Smart speakers are continuing to become more popular in people’s homes. They are incredibly affordable and offer a natural way of communicating with your favorite applications with your voice.

Alexa has now surpassed 20,000 skills in its store, covering a wide range of categories from Business & Finance to Weather. But could Alexa be on the brink of offering some amazing services in the healthcare sector?

The biggest obstacle to breaking into the healthcare sector is the Health Insurance Portability and Accountability Act (HIPAA). So where do Amazon and Alexa stand?

Amazon Web Services (AWS)

AWS has been slowly adding HIPAA compliance to its services. Currently, Amazon offers HIPAA compliance with a total of 39 services including:

  • EC2 (Elastic Compute Cloud)
  • S3 (Simple Storage Service)
  • AWS Lambda
  • Amazon Relational Database Service
  • and many more

In addition, there is also a quickstart accelerator for quickly deploying an example application that conforms to HIPAA requirements to help everybody from individual users to organizations get started.


Alexa has also seen some great new features announced recently, such as Voice Profiles. Once set up, this allows Alexa to identify your account using your voice and offers a more personalized experience. For example, asking Alexa to play back any messages will result in Alexa only playing back messages that have been sent to your account.

Another exciting feature that has been recently added to Alexa is push notifications. This opt-in feature allows developers to send notifications to a user. Alexa will notify the user when a notification is sent, at which point the user can ask Alexa what their current notifications are.

So what’s holding Alexa back?

In a word (ok, 3 words): Protected Health Information, or PHI for short. HIPAA exists, in part, to enforce that strict rules are put in place to protect an individual’s health information.

While AWS has made significant strides to adhere to HIPAA, the eagle-eyed among you will notice that the Alexa Voice Service is not yet part of the list of HIPAA-compliant services that AWS offers.

This means that while you can develop a skill for Alexa using health information, you have to be careful with what is transmitted to Alexa. For instance, you may be able to develop a skill that reminds a user that they have pills to take today, but you cannot provide any additional information on what those pills are used for.

Security is also a big concern from a user standpoint. Alexa offers the ability to protect skills from malicious use by allowing users to add a PIN to a skill when linking the skill to an account. However, that PIN currently must be spoken to Alexa in order to carry out the action that was requested. This effectively gives anyone in the vicinity the PIN required to unlock the action.

Finally, while Voice Profiling is an exciting introduction to Alexa, its functionality is currently limited to certain actions:

  • Calling & Messaging
  • Amazon Music
  • Shopping
  • Flash Briefing (News)

Other actions will draw from the primary user’s account instead of another individual’s account, even if the user has their own account information linked.

Future Thoughts

These constraints mean that for now Alexa cannot be used to its fullest potential within healthcare. However, Amazon appears to have all the precursor pieces in place to allow Alexa to fully deliver once it becomes HIPAA compliant.

Companies have already started making skills that benefit users in the healthcare space without breaking HIPAA compliance by not making use of PHI in their interactions.

KidsMD, considered the first health skill in the Alexa store, allows users to ask for general health information on topics such as common ailments and medication dosing.

WebMD has also released a skill allowing users to ask health-related questions.

Amazon themselves partly hosted a diabetes challenge in which companies competed for $250,000 in cash prizes. The challenge was to create an Alexa skill that could help newly diagnosed diabetes patients and improve their experiences through the use of voice technology.

During the event, Amazon seemed to acknowledge that currently there is a potential gap with the Alexa Voice Service being non-HIPAA compliant:

“While Alexa and Lex (the technology powering Alexa) are not HIPAA-eligible, this (challenge) has provided us an opportunity to envision what is possible”

Oxana Pickeral (Health & Life Sciences Executive at Amazon)

While Amazon currently has not released any information regarding HIPAA compliance, it certainly looks like they will continue to explore opportunities to push Alexa into more and more areas, and so it wouldn’t surprise me if Amazon has HIPAA compliance in their roadmap for Alexa.

With Google Home, and now Apple HomePod on its way, the smart speaker market is certainly getting more interesting. Keep an eye out for what should be some great innovations in this space!

About the Author

Iain Coffield

Sr. Consultant

Iain is a Software Engineer with a passion for learning and new technologies. His primary focus is on JVM solutions, but he has recently learned to love Front End technologies such as React and Vue.
