Policies for Alexa Smart Properties
When integrating with Alexa Smart Properties, you must adhere to the following requirements.
Properties located in Canada
For properties located in Canada, if you are a public sector organization within the meaning of Canadian law or regulation, you may not subscribe to any Alexa Smart Properties services without Amazon's prior written approval, and may be subject to additional requirements. For details, reach out to your Alexa Smart Properties business development contact.
Properties located in Quebec
For properties located in Quebec, you must adhere to the following requirements:
- Set the locale for the devices in the property to the fr-CA locale or en-CA/fr-CA language pair to comply with Quebec province regulations.
- Provide in-room collateral in both English and French.
Properties located in Japan
For properties located in Japan, you must adhere to the following requirements:
- Obtain prior consent from the data subject for the relevant use of Personally Referable Information, as defined in the Japanese Act on the Protection of Personal Information (“APPI”), if you receive and use Personally Referable Information as Personal Data, as defined in the APPI, by cross-referencing it with other information.
- Limit the offering and use of digital music services on Registered Devices to the use of End Users in private areas (that cannot be used by more than one person or an unspecified number of people) within the Property.
- Provide in-room collateral in Japanese.
Alexa Smart Properties in healthcare
Requirements for integrating with ASP in healthcare REST APIs
When integrating with Alexa Smart Properties in healthcare APIs, customers must adhere to the following requirements, listed below.
- Healthcare Subscription Usage. If a facility is a covered entity under HIPAA, it must be enrolled in the Alexa for Healthcare subscription. If the facility qualifies as a HIPAA hybrid entity (e.g., it offers both Independent Living and Skilled Nursing), the Alexa for Healthcare subscription must be used to service any health care component(s) of the facility. Where permitted by applicable law, a separate property unit may be used to enroll the non-covered portion(s) of the HIPAA hybrid entity in another Alexa Smart Properties subscription.
- Free Text Fields. Do not enter Protected Health Information (PHI, as defined under HIPAA) or any information that could directly or indirectly identify individuals in Free Text Fields (for example, SSID Name) in messages created using the Notifications API or the Proactive Suggestion API, in Name fields (for example, Device Friendly Name, Device Group Name, Unit Names, Address Book Name, Contact Name, and so on), and so on. Use of a room number or a generic room name, such as "restaurant" or "barbershop" is acceptable. The name of a patient or resident never should be included. PHI is also prohibited in text fields in the Notifications API and the Proactive Suggestion API.
- Address Books. The address book should not name a patient or resident; however, a room number is acceptable. Do not create a personalized address book that includes a relative of the individual (e.g., daughter, son, mother, or father). It is acceptable to include healthcare providers for the individual in the address book.
- Skill Enablement. Enablement of any skill that collects users’ personal information is prohibited.
- Automation. Do not enter Protected Health Information (PHI, as defined under HIPAA) or any information that could directly or indirectly identify individuals when using the Automation API to create an automation or define the custom utterance used to trigger the automation (for example, patient's names, doctor's names, medication name, medical conditions, and so on). For example, you can create a custom utterance of "Alexa, goodnight" with the action to announce "Take your medication." You cannot create a custom utterance of "Alexa, goodnight" with the action to announce "Sally, take your Lisinopril."
- Alarms. You will call the Delete all alarms for a unit API when the room is vacated by the current user, and readied for a new user.
- Reminders. You will call the Delete all reminders for a unit API when the room is vacated by the current user, and readied for a new user.
- Timers. You will call the Delete all timers for a unit API when the room is vacated by the current user, and readied for a new user.
- Drop In
- Only the following use cases are allowed:
- Drop In from care staff onsite to patient/resident units
- Drop In from onsite visitation rooms to patient/resident units
- The Property must notify the patient/resident that there is an Alexa enabled device in the room and they can disable or remove on request.
- The Property will provide training and collateral materials that describe Drop In to healthcare staff and patients/residents which will include the following:
- Healthcare staff Drop In instruction: instruction on how healthcare staff can initiate Drop In
- Instructions for Patient/Resident device: instruction on how to enable Do Not Disturb
- Suggested FAQs for patient/resident device: include suggested Drop In related FAQs for patient/resident device
- Only the following use cases are allowed:
Drop In FAQ
What is Drop In?
Drop In allows the caller to simply appear on a recipient’s device (the recipient does not need to answer the call).
When someone drops in on my device, what do they hear and see?
When a contact drops in on your Echo device, you will hear an audio tone and see a visual indicator that someone is dropping in on you. The contact on the other side of the Drop In will automatically hear audio through your device. You may end the Drop In by saying “Alexa, hang up.”
The caller will see a frosted glass view from your device’s camera. The frosted glass view will automatically transition to clear video over a short period of time. You will see the caller’s video (and a picture-in-picture view of your own video) when the Drop In is in progress. You can end a Drop In by tapping the End icon on the screen, or you can disable the camera while continuing an audio conversation by saying “Alexa, video off”, or tapping the Video Off icon on the screen.
How do I disable Drop In?
You can turn on Do Not Disturb on your Echo device to prevent being dropped in on. You can also disable Drop In permission from certain contacts by working with your prop erty or by viewing the contact card on your Echo device with a screen.
HIPAA Eligible Skills
Refer to Certification Requirements for general requirements that apply to all skills. For HIPAA Eligible skills in Enterprise environments, please refer to the guidelines below.
Requirements for Skills that are HIPAA-Eligible
An Alexa skill can be HIPAA-eligible if the developer is a HIPAA Covered Entity (CE) or Business Associate (BA), uses the means we provide to identify the skill as one that processes Protected Health Information (PHI), and agrees to the Alexa Business Associate Agreement (BAA). HIPAA-eligible Alexa skills must also adhere to the requirements listed below and pass a certification review. Note that these guidelines might change over time.
HIPAA-Eligible skill submission checklist
- The developer account must be owned by the Covered Entity or Business Associate that will publish the skill.
- The developer name of the account must represent the legal name of the Covered Entity or Business Associate that will publish the skill.
- You must indicate in the developer console (requires login) that you intend for your skill to handle protected health information (PHI)
- You must agree to the Alexa Skills Business Associate Agreement (BAA) with Amazon, made available in the developer console (requires log-in).
- Your skill must never have been published prior to when you indicate that you intend for your skill to handle PHI and/or agree to the BAA.
- Your skill will not send Amazon information that includes patient name or other patient personal information, (e.g., Room 101 needs pain meds and not John Smith needs pain meds).
- Your skill must be published live, but hidden from the skill store.
- Your skill must only be made available and distributed in the United States.
- Your skill cannot use PHI for development, testing, or certification purposes.
- Your skill can only use Approved APIs and services.
- Your skill must not be Child Directed.
HIPAA-eligible skills can only use the following APIs.
- Account Linking – For more details, see Understand Account Linking for Alexa Skills. In healthcare contexts, account linking facilitates linking of the skill with the Unit. It does not support linking to an individual user’s account.
- Alexa Dialog API – For more details, see Dialog Interface Reference.
- Alexa Response API – For more details, see Response Building.
- Alexa Presentation Language (APL) – For more details, see Alexa.Presentation.APL Interface Reference.
- Alexa Skill Events API – For more details, Skill Events in Alexa Skills.
- Alexa UI APIs – For more details, see Include a Card in Your Skill Response.
- Permissions – You can only enable permissions for device address and location services. For more details, see Configure Permissions for Customer Information in Your Skill.
- Skill building using the Alexa Skill Management API (SMAPI) – For more details, see Get Started with SMAPI.
- About Alexa Smart Properties
- Get Started with Alexa Smart Properties APIs
- Alexa Smart Properties Device Purchase and Setup
- Manage Skills in Alexa Smart Properties
Was this page helpful?
Last updated: Nov 28, 2023