Amazon Alexa & Google Assistant for Senior Care: 4 Considerations

There is tremendous interest in using voice assistants such as Amazon Alexa and Google Assistant in skilled nursing, LTPAC facilities and assisted living settings. The devices that access these technologies — most often an Amazon Echo or Google Home speaker — can be used in conjunction with smart home technologies to control lighting, heating and cooling, home entertainment, communication and various other systems. With simple voice commands, residents can turn the lights on and off, set the thermostat, communicate with loved ones, create a shopping list, turn music on, hear the news and get the latest weather report.

These devices address various concerns around safety, promote feelings of independence, help seniors stay connected, and do a host of other very good things. Especially for those with limited mobility, cognitive issues or other challenges, voice control can be enabling for everyday life and contribute to overall well-being. When they are used in conjunction with sensors and other smart home-enabled technologies, you can appreciate why so many facility designers are beginning to incorporate these into their plans.

Sensors can detect whether the resident is active or inactive, or whether the refrigerator or medicine cabinet has been opened. They sense movement and turn pathway lighting on to prevent falls. Smart water systems monitor consumption to make sure residents are drinking enough water. Medication reminders and pill dispensers assist those with memory issues.

We love the advantages these technologies offer, but allow us to point out a few potential issues for facilities to consider.

Connectivity Requirements

These technologies rely heavily on the cloud for their fundamental operation, including the voice recognition that makes them tick. The various sensors and other smart-enabled devices and technologies are likewise “Internet of Things” (IoT) devices. They’re Internet-reliant — and the more functions they provide, the more residents rely on them for their everyday living. It’s a whole new world when “the lights won’t turn on” triggers an IT trouble ticket. Having highly reliable, regularly monitored and redundant Internet connections with failover capability and sufficient bandwidth is absolutely essential.

HIPAA Considerations

When voice assistants are used for medication reminders, gathering healthcare data or other medical matters, HIPAA regulations come into play. Amazon has recognized the medical applications for its technology, and has entered agreements with some third parties in the healthcare arena to deliver services over Alexa that are “HIPAA compliant.” This means that the data is collected and stored by the third party in a HIPAA-compliant manner; it does not mean that any or every use of Alexa is “HIPAA compliant.” Even seemingly routine discussions about healthcare matters that happen to be picked up while the voice assistant is listening can lead to HIPAA exposure.

Wi-Fi Security Implications

Voice assistants rely on Wi-Fi for connectivity. If they’re going to be used for gathering and transmitting healthcare data that’s subject to HIPAA, they absolutely must be connected to the same protected, healthcare-dedicated Wi-Fi network that handles your EHR and other medical systems. Allow voice assistants on the guest-and-resident network only if they’re resident-owned and -installed, and you can be sure they’re functioning in a way that’s outside the reach of HIPAA.

Remember the Network

In our conversations with senior care facilities, the enthusiasm for voice assistant and smart home technologies is evident, and we share it! But we encourage you to keep the network and security implications in mind to ensure that these assets do not become liabilities.

At FIT Solutions, our managed IT services come with tools and expertise in network design and connectivity, monitoring and troubleshooting. If you have a project like this in mind, give us a call at 888-339-5694.

8 Steps to Mobile Device Security for Senior Care Environments

National Cybersecurity Awareness Month, observed each October, promotes heightened awareness of the importance of computer security issues. This year’s theme is “Own IT. Secure IT. Protect IT.”

The first — Own IT — refers to taking responsibility for security. While much of the focus of the messaging is on individual security, there are some timely reminders for business environments as well. This is especially true for our FIT Solutions customers who use mobile tablets to access EHR and other clinical systems.

Your internal network contains protected health information, and for HIPAA compliance, you must be absolutely sure that any connected devices are secure. Here are the best practices we recommend:

  1. Secure Your Wi-Fi.
    This is vital for LTPAC environments. Offering Wi-Fi to patients and their guests is a standard business practice, and is essentially an expectation. Keep the guest Wi-Fi on a network that is separate from the clinical network, and establish a firm policy to prohibit your staff from sharing the clinical network password with patients or guests. Business-class Wi-Fi access points allow you to set up separate networks and prevent cross-traffic between them. If your staff brings their own smartphones to work, only allow them to access the guest network. You might offer them a third and separate network that allows some access, but still prevents their devices from accessing clinical data. Given the possibility of an unsecured device leading to a breach of patient data, you simply must allow only devices that you can directly control and secure to access medical records.
  2. Require Endpoint Security Software.
    Any device that connects to your network is an endpoint with access to your network’s data. PCs are no longer the only vulnerable point; Android devices are especially susceptible, and criminals are increasingly targeting tablets running iOS. Make anti-malware software part of the standard configuration, and set it to trigger regular updates.
  3. Fortify Your Logins.
    A tablet or other device that has access to medical data must be locked with a passphrase to prevent unauthorized use by visitors who might pick it up. In addition to a strong password policy, the best practice is to enable multi-factor authentication for any access to the clinical network. These measures protect you against unauthorized use of the device as well as against criminals guessing passwords or using stolen credentials to gain access. In addition, hide the SSID so you’re not broadcasting the name of the clinical network.
  4. Mandate VPN Use.
    Mobile devices can be susceptible to eavesdropping. Take advantage of the strong encryption offered by a VPN by implementing a VPN for access to the clinical network if the device needs to leave the secure network. Look for one that also supports multi-factor authentication to protect the VPN logins.
  5. Protect Against Malicious Apps.
    One of the biggest mobile-device risks is applications that pose as something useful or fun, but are actually designed to steal data. Establish policies that limit or block the use of third-party software on your clinical devices.
  6. Develop and Require a Secure Configuration.
    Establish a standard, secure configuration for devices that connect to the clinical network. This includes requiring a lock code or password for access, preventing access of other wireless networks, and either hiding the device from Bluetooth discovery or, better still, disabling Bluetooth altogether.
  7. Enable Remote Lock and Wipe.
    Be sure you are able to remotely lock the device to prevent its use if it is ever lost or stolen. Ideally, the devices don’t store any data at all and are only used to access or update the patient records. But if they do hold any data, or as an extra measure of protection, ensure you can wipe the data from the device as well. If the device is found, you can simply re-image it from a backup.
  8. Conduct Mobile Security Audits.
    Hire an outside firm to annually audit your mobile security and perform penetration testing. Testing using the same mobile devices that you use in your environment will uncover potential issues before a criminal discovers them.

We encourage you to use National Cybersecurity Awareness Month to take a serious look at your security and address any shortcomings. If you would like assistance implementing these measures or an evaluation of your HIPAA compliance posture, FIT Solutions is here to help. Call us today at 888-339-5694.

Public Wi-Fi Security for Senior Care: 4 Tips for Keeping Patient Data Safe

As the baby boom generation enters the Senior Care market, skilled nursing, assisted living and other facilities that serve the senior population face a new challenge.

They have to meet the technology-access expectations of tech-savvy patients and their families. Wi-Fi access is now an essential part of the service mix for residents and visitors.

Since these are healthcare facilities, though, HIPAA compliance and patient-safety issues are paramount. Roaming caregivers require their own Wi-Fi access to electronic health record (EHR) or electronic medical record (EMR) systems. Monitoring, alerting and other systems that directly support care delivery might also connect via Wi-Fi. Unsecured guest and resident devices connecting to the same network as medically critical devices present a huge risk.

Here are four tips for safely making Wi-Fi available for senior patients and residents, visitors and guests while preventing compromises and addressing the compliance issues.

1.  Use business-class Wi-Fi technology to segregate the networks. Business-class technology allows you to use separate Wi-Fi SSIDs to isolate networks. At minimum, create one for resident/guest access and one for caregivers/staff. Put the guest network in a DMZ or otherwise isolate its internet access and block access to the staff network. (Business-class technology is a must in a senior-care facility for reasons other than security. It generally delivers more-robust coverage than consumer-grade devices, including support for multiple access points.)

2.  Enforce policies to keep the staff passphrase secure. Staff might be tempted to share their password with guests and residents, especially if the resident Wi-Fi enforces bandwidth throttling that limits data consumption. Discourage passkey-sharing by requiring a longer and more-complex passphrase for the staff network, while making the guest passkey shorter and easier to remember and enter. The best practice is to enact a written policy that prohibits sharing the staff passkey with residents or guests, or connecting their devices to the staff network.

3.  Hide the Wi-Fi SSID for the staff network. By not broadcasting the SSID, it won’t show as a connection option. Moreover, if you don’t share the SSID with the staff, they won’t be able to connect any device on their own. This means IT personnel may need to occasionally help with getting equipment connected, but this is often easier than having to change the passkeys on all the devices later because residents are found to be connecting to the staff network.

4.  Add an extra layer of sign-on security. Consider one or both of these options. MAC address filtering allows pre-authorized devices — and only those devices — to connect to the staff network. It can be difficult to administer, however. A much more effective and seamless approach is to use a single sign-on solution (such as Okta or Onelogin) that allows access only when a user enters their staff email address and password.
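
As an added example (not from FIT Solutions or any Wi-Fi vendor), the following Python script checks an ordered, first-match firewall rule list against the segmentation advice in tip 1 here and in step 1 of the mobile-device list above: guest devices and staff personal devices must have no path to the clinical network. The subnets, zone names and both rule sets are constructed assumptions.

```python
import ipaddress
from typing import NamedTuple

net = ipaddress.ip_network
ANY = net("0.0.0.0/0")

class Rule(NamedTuple):
    action: str                      # "allow" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network

# Constructed addressing plan (assumption, not taken from the article).
ZONES = {
    "clinical": net("10.10.0.0/24"),    # EHR and facility-managed tablets
    "guest": net("10.20.0.0/24"),       # residents and visitors
    "staff_byod": net("10.30.0.0/24"),  # staff personal phones
}
# Paths the segmentation advice says must not exist.
FORBIDDEN = [("guest", "clinical"), ("staff_byod", "clinical")]

def _meet(a, b):
    """Intersection of two CIDR blocks, which are always nested or disjoint."""
    return a if a.subnet_of(b) else b if b.subnet_of(a) else None

def first_leak(rules, src_zone, dst_zone, default="deny"):
    """Index of the first rule that lets src_zone reach dst_zone, else None.

    Rules are first-match; index len(rules) means the default policy leaked.
    Conservative: an allow counts as a leak unless one earlier deny covers it.
    """
    zs, zd = ZONES[src_zone], ZONES[dst_zone]
    denied = []
    for i, r in enumerate(list(rules) + [Rule(default, ANY, ANY)]):
        s, d = _meet(r.src, zs), _meet(r.dst, zd)
        if s is None or d is None:
            continue                      # rule never matches this zone pair
        if r.action == "deny":
            if (s, d) == (zs, zd):
                return None               # whole pair blocked before any allow
            denied.append((s, d))
        elif not any(s.subnet_of(ds) and d.subnet_of(dd) for ds, dd in denied):
            return i
    return None

def audit(rules, default="deny"):
    return {pair: first_leak(rules, *pair, default=default) for pair in FORBIDDEN}

G, B, C = ZONES["guest"], ZONES["staff_byod"], ZONES["clinical"]
# Constructed rule sets: WEAK shadows its own deny and carves a BYOD exception.
WEAK = [Rule("allow", G, ANY), Rule("deny", G, C), Rule("allow", B, net("10.10.0.5/32"))]
HARDENED = [Rule("deny", G, C), Rule("deny", B, C), Rule("allow", G, ANY), Rule("allow", B, ANY)]
```

In the weak set the broad guest "allow" sits above the guest-to-clinical "deny", so the deny is never reached; placing the deny rules first, as in the hardened set, closes both paths.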

Of course, there’s more to compliance with HIPAA, HITECH and other regulations than just securing Wi-Fi access, but the tips above deal effectively with one of the biggest vulnerabilities that senior care facilities face.

If you would like to know more about security in a senior care setting, we’re here to help. You can learn more about FIT Solutions managed IT services for healthcare by calling us at (888) 339-5694.
