Skip to Main Content

Amazon unveiled software on Thursday that allows health care companies to build Alexa voice tools capable of securely transmitting private patient information, a move that opens the door to a broad array of uses in homes and hospitals.

The announcement was accompanied by the launch of six voice programs built by large health businesses ranging from Boston Children’s Hospital, to the insurance giant Cigna, to the digital health company Livongo. The new tools allow patients to use Alexa to access personalized information such as progress updates after surgery, prescription delivery notifications, and the locations of nearby urgent care centers.

Perhaps more significant than the individual uses is Alexa’s ability to now traffic in patient information that is protected by the U.S. health privacy law known as HIPAA — a step many stakeholders in the industry have been anticipating. The company said its Alexa Skills Kit, a collection of tools for building voice programs, can be used by health firms to create products that transmit and receive patient data. The move will embolden hospitals, insurers, and other health care firms to expose Alexa to more sensitive details of patients’ lives and medical conditions, and potentially embed the technology deeper into clinical settings.


So far, Amazon has only invited the six companies to use its HIPAA-compliant skills kit to build voice programs. But the company said Thursday that it expects to enable additional health companies to access it as well.

“Every day developers are inventing with voice to build helpful and convenient experiences for their customers,” Amazon wrote in a blog post announcing the news. “These new [Alexa] skills are designed to help customers manage a variety of healthcare needs at home simply using voice.”


The announcement is the latest of several moves telegraphing Amazon’s effort to make inroads into the nation’s $3.5 trillion health care market.

Just in the past year, the company bought the online pharmacy PillPack for $1 billion, presumably to begin selling and shipping prescription drugs. It expanded its business selling supplies to hospitals and launched an exclusive line of over-the-counter products. It also introduced a product called Amazon Comprehend Medical, a machine learning tool that allows users to extract relevant clinical information from unstructured text in patient records.

In addition, the company has formed research partnerships with several major hospitals, including Fred Hutchinson Cancer Research Center in Seattle and Beth Israel Deaconess Medical Center in Boston. And it is working with Accenture and the pharmaceutical giant Merck to create a data-driven drug development platform on Amazon Web Services, its cloud service.

The company sees its voice technology as one of the most promising lines of business, one that could be used to give patients and caregivers more timely information to help manage their conditions and access services. These are the Alexa tools unveiled Thursday:

  • Cigna created a voice program to allow employees of its large national clients to manage their health improvement goals and earn wellness incentives.
  • Express Scripts, the pharmacy benefit manager acquired by Cigna, built a tool to allow people to check the status of home delivery prescriptions.
  • Boston Children’s Hospital built a program enabling parents and caregivers to provide clinicians with updates on their progress after surgery and get information on post-operative appointments.
  • Providence St. Joseph Health, a network of 51 hospitals in seven states, created a tool enabling customers to search for a nearby urgent care center and schedule a same-day appointment. Atrium Health, which operates more than 40 hospitals and 900 clinics in North Carolina, South Carolina, and Georgia, built a similar tool.
  • Livongo, a digital health company that helps users manage chronic conditions, launched a program that allows people to query their last blood sugar reading and blood sugar measurement trends, and receive personalized health advice.

Alexa itself was still catching up to the news Thursday morning. Asked whether it was HIPAA-compliant, it responded: “Sorry, I don’t know that one.”

  • hi Mr. Ross:
    I work in a clinic where another practitioner thought it a good idea to have an Alexa device in a treatment room. Alexa as we all should know is always listening and recording. As well as a google/android phone that could be lying on a counter top or desk. I have no doubt there has been tens of thousands of HIPPA violations racked up by now. Who’s responsible for this and who should pay the fine? I get that google wants to get in on the healthcare game by making some part of it’s function compliant, I’m not referencing that. I believe this is a nuclear bomb ready to go off. I’m very interested in your opinion.
    Regards, Dr Bob Helm

  • The problem with this (and there are several) is that the paradigm is upside-down. We first need to consider who is the Covered Entity and who is the Business Associate. The Business Associate should sign the Covered Entity’s business associate agreement ; not the other way around. The organization writing the agreement is naturally going to place their own interests above the others. If you are the Covered Entity you’d better be sure it favors you.

  • For sure we need to be smart and simple when it comes to responsibility and accountability in the form of health and financial information. It is just as simple and possible to create and depend on for the data and information you want and needs to be available and responsible for any transactions and traffic allowed and referred to account. Yes, you can be hacked and tracked by the government and deceitful criminal minds of greed and exploitation. The bottom line is the truth. Fear and intimidation to keep information and communication limited and regulated to the general public and motivated investors of technology and possibility to what I know and believe is here and know.

    Here is how I see it. If we trust money and service to be done via the internet, We can trust are medical and personal information will be respected and protected by the company and technology that is providing and offering service. Amazon and Facebook are two examples of personal and financial quality and ability to exploit and expand personal and logical ways to a simple and manageable place to connect and communicate information and education to grow and take anything for everything we want and need and expect as for the simple and credible creation of the internet…….

    Facebook is being exploited for the social and personal enjoyment of users. This is because the users and the social groups were being visited and it violated by organized crime and political groups. I am going to share the experience I had and the intention and motivations of the facts and the myths.

    The Facebook plan has been a smart and meaningful part of a well thought out plan of a well-intended person of a technological possibility of cyberspace, and the six degrees of separation and connection of humanity. You request a friend or person to accept and they agree and allow what information and communication shared. It was not intended for religious organized exploitation and marketing or political intimidation and censorship for a personal and intentional gain of terror and fear and who and how it is seen. I was solicited by Joyce Myers and Joel Osteen, Request to be a friend from them, I joined groups that were my personal choice and knew I was communicating and entering very political and spiritual places that I knew could be useful and harmful to the people who intentions and situations were marketed and targeted for. I was offended and emotional harmed by medical marketing that is a long line of Facebook issues that has been taken care of by facebook, and was not and should not be responsible for the problem, Just the simple personal information for the user to allow was good. The other problems I was able to see are the real danger and responsible party. But my choice to allow and accept. I do not like that my conversations were omitted from my page and want it back. And want that to be same for the medical data I have and had on an electronic medical chart and, Amazon and any other place that bids to this responsibility better be sure they are sleeping with the right people because the truth and the facts will come out. Amazon would not be if a package or a debt was not handled and provided with integrity and accountability. Hacking and questioning logistics seem to be productive and with that being said be smart and know the market for data is a responsibility and reality for the company that is built on integrity and quality that is simple and true.
    You are investing with the wrong people.

  • The HIPAA rules were written before we knew about the many intrusive ways these companies would use our data. There is no agency making sure that there is any compliance with the regulations. These tech companies have already been caught violating basic privacy, and monetizing this data is some really disruptive ways. There have been no consequences for this activity either. They have been using their access to these massive databases, to undermine public health, demonize low income people, perpetuate hate and racism, and control public discussions. They have already used their out-sized power over the media to mislead and misinform. We need to question all of it!

  • Considering that “Amazon knows what you’ve bought, and has a pretty good idea of what you might want to buy next,” according to and they have developed surveillance technology that directly violates the Fourth Amendment and ɢɪᴠᴇɴ ᴀᴡᴀʏ that technology to police and federal law enforcement agencies according to, what makes anyone believe Alexa will comply with HIPAA regulations on privacy?

  • All due respect, there is no such thing as a secure internet access, regardless of what or who states differently. The easiest way to acquire a confidential information database is through the internet of any and all corporations. There is only a stringent manner to design a web site that is more difficult to hack into than others.

    All internet databases are at risk for being hacked into, regardless of who claims they are not. The HIPPA-compliant laws are not somehow safe from those who are able to obtain the databases with the individuals’ privacy, and to make that claim is misleading to all.

Comments are closed.