Healthcare Information Technology

Vulnerabilities in Servers Behind Majority of Healthcare Data Breaches

Cybercriminals are managing to find and exploit vulnerabilities to gain access to healthcare networks and patient data with increasing regularity. The past two months have been the worst and second worst ever months for healthcare data breaches in terms of the number of breaches reported.

Phishing attacks on healthcare organizations have increased and email is now the most common location of breached protected health information. However, a recent analysis of the data breaches reported to the Department of Health and Human Services’ Office for Civil Rights (OCR) in the past 12 months has revealed servers to be the biggest risk. Servers were found to be involved in more than half of all healthcare data breaches.

Clearwater Cyberintelligence Institute (CCI) analyzed the 90 healthcare data breaches reported to OCR in the past 12 months. Those breaches resulted in the exposure, impermissible disclosure, or theft of the records of more than 9 million individuals.

The CCI analysis revealed 54% of all reported breaches of 500 or more healthcare records were in some way related to servers.

Servers house essential programs that are used across the healthcare organization. As a central repository of programs and data, they are an attractive target for hackers. Once access has been gained, data can be viewed, copied, altered, or deleted, systems can be sabotaged, and healthcare organizations can be subjected to extortion using ransomware.

CCI performed a risk analysis to determine high and critical risks facing health systems and hospitals. CCI determined 63% of all identified risks were related to the failure to adequately address vulnerabilities in servers.

The high number of server-related data breaches clearly shows that those flaws are being exploited by hackers to gain access to healthcare networks.

According to CCI, one of the most common server vulnerabilities is the failure to keep on top of user account management. When employees leave the company their accounts must be deleted. Dormant accounts are a major risk and are often used by malicious actors to access systems and mask their activities. CCI notes the risk increases with the number of accounts that are left dormant. The longer those accounts are left open, the greater the likelihood that at least one will be used for illicit or malicious purposes.

To address this risk, security controls should be implemented that automatically disable or delete accounts when the HR department changes the status of an employee. If that is not possible, CCI recommends conducting frequent, periodic reviews to ensure all unused accounts are disabled.

In an ideal world, an account would be disabled instantly. In practice, CCI recommends having the systems, policies, and procedures in place to ensure no account remains open for more than 48 hours after it is no longer required.

Reviews of system activity logs should also be conducted to determine whether dormant accounts have been used inappropriately or if any actively used accounts have been compromised or are being misused.

Excessive permissions on user accounts is another serious server vulnerability. Excessive permissions can result in accidental or deliberate access, alteration, or deletion of data. The failure to restrict access rights is also a violation of the HIPAA principle of least privilege.

CCI reports that the risk of excessive user permissions is highest in organizations that do not regularly review user permissions (43.6%), perform user activity reviews (43.6%), or when there is a lack of proper user account management (43.1%).

Regular reviews of user activity will help healthcare organizations to quickly identify anomalies in user data that could be indicative of account misuse or a cyberattack. The frequency of those reviews should be dictated by several factors, including staff turnover and the number of users. CCI suggests user permission and user activity log reviews at least every quarter for an organization with 100 or more users.

The post Vulnerabilities in Servers Behind Majority of Healthcare Data Breaches appeared first on HIPAA Journal.

ONC Report Reveals Trends in Access and Viewing of Medical Records Online

Most hospitals and physicians have now adopted electronic medical records, yet only half of patients have been offered access to their medical records online, according to a new report from the HHS’ Office of the National Coordinator for Health Information Technology (ONC).

Two of the aims of the 21st Century Cures Act were to make it easier for patents to access their health information and to improve education of patients about their rights to access their health data. The ONC conducted its Health Information Trends Survey (HINTS) to determine whether patients are being offered access to their medical records online and whether they have exercised that right and have viewed medical records that have been made available.

In 2018, there was no change in the number of patients being offered access to their medical records online. As was the case in 2017, 51% of patients were given that opportunity. However, the number of patients using that access to view or download their medical records increased. 30% of patients who were given the option had viewed their records at least once, compared to 27% in 2017.

Individuals who visited their doctor at least once in the past 12 months were twice as likely to be offered access to their medical records online than those who did not. They were also more than 50% more likely to exercise that right and access their medical records than patients who had not visited their doctor in the past 12 months.

Out of the patients who did view their medical records online, 29% viewed records 1 or 2 times, 19% viewed their records between 3 and 5 times, and 11% accessed their records 6 or more times. The number of patients who downloaded their medical records was a third higher than in 2017.

Individuals with chronic conditions were more likely to be offered access to their medical records online, as were individuals with at least a college degree, and individuals with a family income of $75,000 or higher.

When asked about the reasons why they chose not to view their medical records online, the findings were largely similar to 2017. The main reason was patients preferred to speak to their healthcare provider directly (73%) and patients did not have a need to view their medical records (65%).

There were two significant changes. There was a decrease in the number of individuals who said they did not access their records out of privacy and security concerns, falling from 25% in 2017 to 14% in 2018. There was also a fall from 20% to 10% in individuals who said they did not have a way of accessing the Internet.

Americans do appear to be taking a greater interest in their health. There has been an increase in the number of individuals using health and wellness apps. 49% of respondents said they used such an app on a smartphone or tablet and one third of individuals said they use an electronic monitoring device such as a Fitbit-type device, blood pressure monitoring device, or blood glucose monitor.

75% of individuals who use an app do so to track progress toward a health-related goal. 48% use the apps to make decisions about illnesses or health conditions, and 45% use the apps to discuss their health with their providers.  The number of individuals who shared health information with a healthcare professional electronically via their smartphone or tablet increased from 26% to 28%.

“Making it easier for individuals to use apps to access, view, and subsequently share their online medical record data may enable individuals to better manage their health and address gaps in interoperability,” explained ONC. ONC’s interoperability Rule, published in February, will make it even easier for patients to access and use their health data through the use of APIs.

The post ONC Report Reveals Trends in Access and Viewing of Medical Records Online appeared first on HIPAA Journal.

AAN Suggests Third Party App Security Framework Must be Included in the CMS Interoperability Plan

The American Academy of Neurology (AAN) has voiced concerns about the interoperability plans of the Centers for Medicare and Medicaid Services (CMS) and the HHS’ Office of the National Coordinator for Health IT (ONC).

In February, both ONC and CMS proposed new rules that aim to reduce information blocking and improve interoperability. The AAN supports ONC and CMS efforts to reduce information blocking and improve interoperability. Data blocking and interoperability problems force clinicians to spend more time on clerical work, which means less time is spent providing direct care to patients.

The AAN believes many of the provisions in the new rules are necessary for empowering patients and providers by providing comprehensive access to patient data; however, in a recent letter to CMS Administrator Seema Verma, the AAN has expressed concern about patient safety and security if the ONC and CMS interoperability plans are implemented.

The AAN supports efforts to advance the use of standardized Fast Healthcare Interoperability Resources (FHIR) based APIs to allow patients to easily gain access to their health data, including claims information, lab test results, medications, and clinical notes. Easy access to that information will help with care coordination and will improve patients’ understanding of their conditions and treatments. However, there are potential problems.

“Consistent policies are needed across the board to incentivize and facilitate the exchange of data across systems,” wrote AAN President Ralph L. Sacco. “Many EHRs do not support the robust use of application program interfaces (APIs) for data exchange or are hindered by APIs that are implemented in proprietary ways that inhibit data exchange.” The AAN has also voiced concerns about privacy and security.

While the AAN understands that once PHI has been shared through an API it is no longer the responsibility of the provider to protect that information, but the AAN believes a security framework is required for third-party applications to prevent unauthorized disclosures once PHI has been transmitted by providers.

There is currently no federal regulatory framework to address unauthorized disclosures of PHI onside of enforcement by the FTC. Without a regulatory framework, a burden is placed on providers to ensure that they inform patients of the potential risks, when it should be the responsibility of app developers to ensure that all necessary precautions are taken to ensure PHI is protected. The AAN is seeking clarification on the responsibilities of third-party applications to ensure patient information is protected.

Unauthorized disclosures after PHI has been transferred do not constitute HIPAA violations, but they do have potential to negatively impact a provider’s reputation. Further, explaining the risks to patients may result in patients declining to share their information, which would work counter to CMS’s goal of promoting exchange of data and could detrimentally impact providers’ relationships with their patients.

“Given the sensitive nature of PHI and the paramount importance of trust between patients and providers, the AAN implores CMS and the FTC to ensure that there are clear security guidelines for third-party APIs and that there is robust enforcement to ensure that third-party applications are responsible stewards of patient data,” wrote Sacco.

Concern has also been raised about the sharing of certain types of particularly sensitive information, such as high-risk genetic testing data. If a patient has a genetic test that indicates there is a high probability that the patient will develop an incurable degenerative disease such as Huntington’s disease, prior to that information being shared with patients and their families it is necessary to make sure appropriate counselling is provided. The AAN suggests that that type of information should not be shared through APIs.

The AAN also believes the proposed six-month implementation time scale for many of the proposed changes is much too short. Complying with the new requirements in such a short time frame will place a significant burden on providers. More time has been requested for implementing the proposed system-wide changes.

The College of Healthcare Information Management Executives (CHIME) is also urging the CMS and ONC to extend the timescale for complying with the proposed changes and has suggested an interim rule is required and the time frame for complying should be extended from six months to three years.

The post AAN Suggests Third Party App Security Framework Must be Included in the CMS Interoperability Plan appeared first on HIPAA Journal.

CMS and ONC Tell Senate HELP Committee Rapid Progress is Required to Advance Interoperability

The second Senate HELP Committee hearing on the proposed roles for implementing the electronic medical records provisions of the 21st Century Cures Act has taken place this week.

The Committee heard from National Coordinator for Health IT, Donald Rucker, and Director and Center for Medicare And Medicaid Services Chief Medical Officer, Kate Goodrich, M.D.

The hearings aim to find a way forward to ensure the efficient accessing and sharing of health information between care providers and patients.

The prevention of information blocking is one of the main goals. By allowing health information to flow freely between providers and be shared with patients, the cost of healthcare can be significantly reduced. According to Dr. Brett James of the National Academies, as much as 50% of the costs of healthcare are unnecessary. Patients are having to repeat tests because their information cannot be shared between different healthcare providers and there is considerable duplication of administrative tasks as a result of information blocking.

Earlier this year both the CMS and ONC proposed new rules to tackle the issue of information blocking, EHR usability, and patient empowerment. Goodrich explained that consumers need to put in the driving seat and be empowered to make decisions about their own healthcare. For that to happen, patients need easy access to their healthcare data. They can then pass that information on to whoever they wish.

The CMS and ONC’s proposed rules believe this goal can be largely achieved through the use of open APIs. APIs have been used in other industry sectors and have “transformed business after business after business,” according to Rucker.

Standards-based API technology should improve the sharing of healthcare data, although Rucker cautioned that for them to work, healthcare business practices that enable information blocking must be dismantled. Rucker suggests that rules preventing information blocking need to be implemented as soon as possible.

While progress needs to be made quickly, Committee Chair Sen. Lamar Alexander, R-Tennessee warned of moving too quickly and encountering similar problems to hose with Meaningful Use. “My major concern is to remind the administration of the advice that my piano teacher used to give me before a recital… Play it a little slower than you can play it, you’re less likely to make a mistake.”

Progress is being made. The CMS has already launched two initiatives (MyHealthEData and Blue Button 2.0) which will require Medicaid fee-for-service, managed care plans, Medicare Advantage Plans and others on the Federal Exchange to maintain secure APIs that allow individuals enrolled in those plans to easily access their own health information. It is hoped that developers will follow suit and build on the work that CMS/ONC has already done in this area.

While everyone wants the goals to be achieved, there is concern that the use of APIs could introduce privacy and security risks. These concerns were shared by Rucker and Goodrich, especially with respect to disclosures of health data to apps.

While apps will undoubtedly be required to receive health data and allow patients to share their health information with others, there are serious concerns as health apps are not well regulated. While there are some FTC regulations covering health apps, they are not covered by HIPAA requirements and are unlikely to be in the future.

If information is disclosed to the apps, patient privacy could be placed in jeopardy. Patients’ health data could be used by app developers and sold on to companies such as Facebook. Patients may not be aware of the implications of what could happen if their health data is disclosed to an app.

After disclosure to an app, healthcare organizations will not be liable for that data – as confirmed by the Office for Civil Rights recently – but patients could be exploited. What happens to data after it has been disclosed to an app is down to a contractual agreement between the patient and the app developer.

The reality is the uses and disclosures of patient data are likely to be hidden in a long list of T&Cs in app privacy policies, which may not be read or understood by patients. There are also few controls over what can be done with that information and how that information is secured.

“How data is secured and used in third-party apps illustrates a pressing issue that is currently part of a national discussion that extends beyond healthcare and into data privacy, stewardship, and regulatory interventions,” said Rucker. At present, patients need to “balance their selection and use of a health app with the potential risk of having negative implications.”

What is clear is there needs to be greater regulation of health apps, especially in light of recent reports about health information being shared with Facebook without user consent.

The post CMS and ONC Tell Senate HELP Committee Rapid Progress is Required to Advance Interoperability appeared first on HIPAA Journal.

NIST Issues RFI Seeking Comments to Inform the Development of AI Standards and Tools

The National institute of Standards and Technology (NIST) has issued a request for information (RFI) seeking feedback from industry stakeholders to inform the development of new standards and tools to support systems that use artificial intelligence (AI) technologies.

February’s Executive Order on Maintaining American Leadership in Artificial Intelligence requires NIST to create a plan for developing technical standards and tools to support the creation of reliable, robust and trustworthy AI-based systems, along with tools that will are necessary or helpful in reducing barriers to the safe testing and deployment of AI-based systems.

NIST is seeking comments from stakeholders to improve its understanding of the current uses of AI, the opportunities offered by AI-based systems, and the challenges currently faced.  NIST hopes stakeholder comments will help to determine current priority areas.

The RFI has three main areas of focus:

  • The status of and plans for AI technical standards and related tools development
  • Defining and achieving U.S. leadership in AI standards
  • Prioritizing federal government engagement in AI standardization

NIST seeks information on current standards and tools along with the names of the organizations addressing the need for standards and whether they have addressed sector-specific needs or if they can be applied more broadly.

NIST is also keen to find out where U.S. companies are leading the development of standards and how federal agencies can help to meet the needs of developing standards and AI tools.

Standards-related tools can include, but are not limited to, testing tools (covering conformance, performance, interoperability, and stress testing), reference data and data sets, use cases, training programs, and reference implementations

“Sound technical standards, performance metrics and tools are needed to foster public trust and confidence in AI technologies, enabling the market adoption of the next wave of innovations that will contribute to the economic and national security of the United States,” explained NIST Director Walter G. Copan.

Comments are being sought from the private sector, academic institutions, federal agencies, nongovernmental organizations, and other stakeholders with expertise in AI and related standards to inform development of the plan.

NIST is required to develop its plan within 180 days of the executive order and will be accepting public comments up until May 31, 2019. NIST will also be hosting a workshop on May 30 at its Gaithersburg, Maryland, campus to promote further discussions in support of its plan for engagement in AI technical standards.

Further information on the RFI and the specific areas where feedback required are available here.

The post NIST Issues RFI Seeking Comments to Inform the Development of AI Standards and Tools appeared first on HIPAA Journal.

MD Anderson Cancer Center Fires Three Scientists Over Concerns About Theft of Research Data

MD Anderson Cancer Center, the world’s leading cancer research center, has recently fired three scientists with strong links to China over espionage fears after being alerted by the National institutes of Health (NiH) to irregularities involving grant recipients.

NiH, the largest public funder of biomedical research in the United States, had been instructed by federal officials to investigate certain professors who were believed to be in violation of granting agency policies.

NiH, assisted by the FBI, discovered potential conflicts of interest and unreported foreign income by five members of MD Anderson staff. NiH sent emails to MD Anderson in 2018 and demanded a response within 30 days.

The failure to take action could potentially result in NiH withholding essential funding. MD Anderson received $148 million in NiH grants in 2018.

In response to the accusations, MD Anderson conducted an investigation and initiated termination procedures for three professors, two of whom resigned from their posts before proceedings started. The fourth professor was investigated but termination was not deemed to be warranted. The investigation into the fifth professor is ongoing. Three of the professors concerned are ethnically Chinese and all are of Asian origin.

The firings were in relation to possible diversion of intellectual property, failure to disclose substantial resources from other institutions, and the sharing of confidential information on grant applications.

“We have an obligation to do all we can to protect our intellectual property and all state and federal resources entrusted to us,” said MD Anderson President Peter Pisters, MD. “We must be vigilant in protecting the outstanding work of our faculty and ensuring our continued ability to conduct world-class research in our pursuit to end cancer.”

According to the Houston Chronicle, which reported on the terminations, NiH has sent similar emails to dozens of other organizations voicing concerns about certain individuals who may have been recruited by foreign governments to steal proprietary research information. It is likely that these three actions will be the first of many over the coming weeks.

Concern has been growing recently about scientific research conducted in the United States being stolen by China and other foreign governments. The information is used to run ‘shadow laboratories’ overseas to benefit those countries.

The FBI has reported that up to $600 billion is being lost each year to intellectual property theft. FBI Director Christopher Wray said China is the biggest threat and is engaging in espionage in all 50 states across multiple industries.

The post MD Anderson Cancer Center Fires Three Scientists Over Concerns About Theft of Research Data appeared first on HIPAA Journal.

HHS’ ONC Releases Second Draft of Trusted Exchange Framework and Common Agreement

The HHS’ Office of the National Coordinator for Health IT (ONC) has released the second draft of its Trusted Exchange Framework and Common Agreement (TEFCA) and is seeking comments on the updated text.

The purpose of TEFCA is to help ensure there is seamless, interoperable exchange of health information, which is critical to the creation of a health system that empowers providers and patients and delivers better healthcare at a lower cost.

The 21st Century Cures Act promoted a national framework and common agreement for the trusted exchange of health information. The framework is required as there is currently no core exchange mechanism that can be used by healthcare providers, health plans, vendors, public health departments, and federal, state, local and tribal governments. Trusted exchange is too complex.

Currently, multiple exchange methods need to be used. The majority of hospitals use three or four exchange methods and three in ten use more than five methods. This approach is inefficient and expensive. Healthcare organizations are having to build several point-to-point interfaces to communicate health information with each other. The Trusted Exchange Framework will reduce the need for individual interfaces to be developed and maintained.

The five key goals of TEFCA are to create a single on-ramp for nationwide connectivity, to ensure electronic information is available whenever and wherever it is needed, to build a competitive market to allow all entities to compete on data services, to support nationwide scalability for network connectivity, and to achieve long-term sustainability.

In addition to helping healthcare entities efficiently exchange health information, the trusted exchange framework has important benefits for patients, including the ability to find all of their health information that has been recorded by multiple providers, even if they do not remember the names of those providers. This will help patients and their caregivers to participate more fully in their care and manage their health information.

After publishing the first draft of TEFCA, ONC received more than 200 comments from industry stakeholders. After careful consideration of the comments, ONC has made key revisions to the Trusted Exchange Framework (TEF) and the Minimum Required Terms and Conditions (MRTCs) for trusted exchange and has released the first draft of a Qualified Health Information Network (QHIN) Technical Framework.

Together, these documents form the basis of a Common Agreement for QHINs and their participants and include technical and legal requirements for the sharing of electronic health information nationwide across disparate networks.

ONC will be responsible for maintaining the TEF and the HHS is looking to appoint a non-profit industry-based organization – a Recognized Coordinating Entity (RCE) – to develop, update, implement and maintain the Common Agreement. The HHS has announced the release of a notice of funding opportunity to engage an RCE. Applications will be received up until June 17, 2019.

“We expect that the implementation of the Trusted Exchange Framework and the Common Agreement, will bring us all that much closer to achieving the administration’s goals of nationwide interoperability,” said HHS’ national coordinator for health information technology, Dr. Donald Rucker.

The HHS is seeking comments on the second draft of TEFCA until June 17, 2019.

The post HHS’ ONC Releases Second Draft of Trusted Exchange Framework and Common Agreement appeared first on HIPAA Journal.

HHS Extends Comment Period on Proposed Rules to Improve ePHI Interoperability

The Department of Health and Human Services has extended the deadline for submitting comments on its proposed rules to promote the interoperability of health information technology and electronic protected health information to June 3, 2019.

Two new rules were released on February 11, 2019 by the Office of the National Coordinator for Health IT (ONC) and the Centers for Medicare and Medicaid Services (CMS). The purpose of the new rules is to support the secure access, exchange, and use of electronic health information. The rules cover technical and healthcare industry factors that are proving to be barriers to the interoperability of health information and are limiting the ability of patients to gain access to their health data.

The deadline has been extended to give the public and industry stakeholders more time to read the proposed rules and provide meaningful input that can be used to help achieve the objectives of the rules. The extension has come in response to feedback from many stakeholders who have asked for more time to review the rules, which have potential to cause a range of issues for healthcare organizations.

Two other factors influenced the decision to extend the deadline. There appeared to be some confusion over HIPAA and whether healthcare providers are accountable for how patients use their health data. Also, the ONC has recently released the second draft of its Trusted Exchange Framework and Common Agreement (TEFCA), which could factor into comments. While there is not a great deal of overlap between TEFCA and the ONC/CMS proposed rules, both do cover interoperability and operate in the same space.

In addition, the HHS’ Office for Civil Rights has released a new FAQ for patients to explain the HIPAA right of access in relation to health apps used by patients and application programming interfaces (APIs) used by healthcare providers’ electronic health record systems. The FAQ confirms that after a patient discloses health information via an app, subsequent uses and disclosures are only the responsibility of the healthcare provider if the app developer is one of the healthcare provider’s business associates.

The post HHS Extends Comment Period on Proposed Rules to Improve ePHI Interoperability appeared first on HIPAA Journal.

AWS Chief Technology Officer Allays Fears about Cloud Security and Talks about the Huge Potential of Alexa Voice Technology

Amazon Web Services’ chief technology officer, Werner Vogels, has been dispelling security myths about cloud computing at the Dublin Tech Summit in Ireland this week.

Concerns have been raised about the security of data stored in the cloud, especially following the discovery that 540 million Facebook records had been exposed on AWS: One of several high-profile data breaches that have involved AWS-stored data in the past 12 months.

Fears About Compliance and the Cloud

Companies required to comply with General Data Protection Regulation (GDPR) must ensure that the personal data of EU citizens is secured and kept private and confidential. Since GDPR came into effect on May 25, 2018, the potential penalties for data exposures have increased significantly. It is therefore understandable that companies are concerned about storing data in the cloud rather than on-premise infrastructure that they feel better able to secure.

Germany’s federal commissioner, Ulrich Kelber, spoke before Vogels at the Tech Summit and voiced his concerns about American cloud storage providers, stating that they should not be used for hosting police data as there was a risk of snooping. The federal commissioner was particularly concerned about the passing of the Cloud Act in 2018, which could allow federal law enforcement to gain access to data stored by U.S. technology companies.

Many companies in the United States are also wary about using the cloud for storing sensitive data such as protected health information, and the potential for HIPAA violations. As is the case with GDPR, the penalties for data exposure can be severe and, for small healthcare organizations, potentially catastrophic.

Vogels explained that cloud security should not be a concern and storing data on AWS is perfectly secure. His advice to all AWS users is “encrypt everything,” but at a minimum, make sure that all personally identifiable information is encrypted.

By encrypting data, companies can meet the requirements of GDPR, HIPAA, and other federal and state regulations. As for the Cloud Act, if a technology company is issued with a warrant to release data, if the AWS customer has encrypted their data using modern encryption standards, and only they hold the key to decrypt the data, it is perfectly secure. Any conversation about data access is then between law enforcement and the customer. AWS will not be involved.

Vogels also explained that AWS has improved its controls to make it harder for data to be exposed. All customer information is now closed off by default. It takes a deliberate action to remove AWS protections and leave data accessible. Should that happen, major red flags are raised.

Vogels said, “We’re very strong believers that the best way to help our customers protect themselves from whatever bad actors you can imagine is to ensure encryption is as easy to use as any other digital service.” Encryption is offered through AWS to make securing sensitive data as easy as possible.

Voice Technology Has Huge Potential

Vogels also spoke about one potential big area for Amazon. Big even by Amazon’s standards. Vogels said Amazon is not looking to invest in technologies that will add $100 million to the balance sheet. Amazon is looking for billion-dollar plus opportunities. Alexa voice technology is a prime example.

Amazon Alexa is the leading voice technology and has already found uses in healthcare. HIPAA was something of a stumbling block as the regulations covering protected health information are strict, but Amazon has recently solved that problem. Amazon is offering business associate agreements to a select group of companies and has made sure that its voice tech can transfer data securely in a manner compliant with HIPAA Rules. Last week Amazon announced that six new healthcare skills had been launched that could be used in connection with PHI. The company will be collaborating further with healthcare organizations, although by invite only at this stage.

Skills have also been developed by WebMD which allow users to ask questions about their symptoms using voice commands rather then entering information on a website. These skills are just the tip of the iceberg and the potential uses of voice technology in healthcare are huge. Alexa could even be used by people to gain access to healthcare information stored in their EHRs in the not too distant future.

Vogels certainly believes voice technology is the way forward and thinks voice commands will be the main way that people interact with digital systems in the future.

The post AWS Chief Technology Officer Allays Fears about Cloud Security and Talks about the Huge Potential of Alexa Voice Technology appeared first on HIPAA Journal.