Nancy J. Beckley (nancy@nancybeckley.com) is President of Nancy Beckley & Associates LLC, a rehab compliance consulting firm in Milwaukee, WI.
Have you ever asked your personal digital assistant on your smartphone to look up something for you? Certain commands and words trigger a sequence. On an iPhone you can click and start your question by asking, for example, “Siri, can you find the nearest Oktoberfest?” In the past few years, we have experienced a boom of virtual devices that do everything: monitor household security, control televisions, manage the heating and cooling in your house, and create playlists. In fact, on a recent visit to my local Apple store, I created a playlist by instructing HomePod: “Siri, create a play list of Frankie Valli and the Four Seasons.” Siri confirmed, and within minutes, everyone at my table was rocking out to “Big Girls Don’t Cry.” I overstayed my visit at the Apple store so I could listen to all the songs!
Google, Amazon, and Apple are major players in the virtual gadget market. Earlier this year, the popular press and compliance blogs reported that a woman in Oregon had her private conversations secretly recorded by a voice-controlled virtual gadget. The gadget “told” her private conversations to a random contact in response to a voice command. Apparently, the digital gadget misunderstood a word as the initiation of a voice command. Consumers are putting these devices in their homes because of the novelty, and may not have privacy as top of mind — or of any mind at all. Who can resist telling your virtual assistant or digital gadget to have the Roomba vacuum the living room? Concerns are being raised that virtual devices are tracking your every move in your home, the same as cookies are tracking your every click and website view when you are browsing online.
These digital gadgets are the fly on the wall or, more aptly known as, a microphone connected to the internet. I asked, “Hey Siri, how is your compliance with the Privacy, Security, and Breach Notification Rules?” To which Siri replied: “Hi, it’s nice of you to ask; now can I help you with something?” As compliance professionals, we have the expertise to assess some of the risks associated with digital gadgets in the home. Now it’s time to include office and facility digital gadgets in your HIPAA risk assessments — waiting rooms, clinics, surgery suites, board rooms, and all. Just thinking of potential issues makes me want to ask a digital assistant how to mitigate privacy and security risk! Have you asked your digital gadget? Do you have a fly on the wall that tells?