No One is Sure Why Amazon Needs a HIPAA Compliance Officer

Ryan Black
JANUARY 16, 2018

(Former Defense Secretary Ash Carter tours Amazon's headquarters in 2016. Photo courtesy Department of Defense)

First, there was a potential pharmaceutical play. Then, there were articles about a mysterious, health-centric project called “1492.”

Now, there’s a job listing.

While hundreds of cities clamor to become Amazon’s home-away-from-home, the retail giant has continued to quietly toy with various entries into the healthcare market. According to the new listing, it is looking for someone who can ensure that its services are in line with the essential health privacy laws, including both HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economic and Clinical Health Act).

The HIPAA Compliance Officer will be asked to create “a HIPAA security and compliance program to ensure that technology and business processes meet our HIPAA Business Associate Agreement (BAA) requirements.” The listing doesn’t specify what projects it is planning, or what data it will be handling, that will fall under HIPAA or HITECH regulation.

Amazon could be exploring legitimate medical applications for its Alexa-powered talking cylinders, like the Echo, and their underlying technology, according to speculation. “Experience with FDA and the 510K process” is listed as a preferred qualification—510(k) applies to premarket certification of medical devices.

Alexa does have some health-related “skills,” like a basic medical app that delivers Mayo Clinic guidance on basic conditions like fevers or burns. Those are a far cry, however, from the sort of application that would handle protected health information and require HIPAA oversight.

In September, Amazon Web Services’ health lead Oxana Pickeral acknowledged that Alexa was not yet HIPAA-compliant, but said that an event promoting the technology’s diabetes management capabilities “provided us an opportunity to envision what is possible.”

Amazon Web Services itself is HIPAA compliant, and is one of the leading cloud providers in the increasingly data-dependent healthcare industry.

The company’s on-again-off-again entry into pharmaceutical sales has fueled rampant rumors and even bullied around retail pharmacy stocks. In 2017, the company applied for wholesale pharmaceutical distribution clearances in a handful of states, though it eventually let those applications lapse in at least 1 state.

Wholesale distribution or the sale of medical devices and equipment may be Amazon’s options in lieu, or potentially in advance, of direct-to-consumer drug sales.

SHARE THIS SHARE THIS
194
Become a contributor