Nuance CMIO: Free Dragon Dictation iPhone app isn't for patient data

Like Apple collects Siri data, Nuance collects Dragon Dictation speech data. In Nuance's case it's to "tune, enhance and improve" speech recognition.

The iPhone's Siri was a major selling point of the iPhone 4S, and Apple aficionados await new wrinkles in the voice-powered digital assistant in the next iPhone, which observers believe will be unveiled next month. It's an open secret that Siri runs on Nuance's Communications Inc.'s voice-recognition engine, although Nuance -- which makes software for both the general business market as well as a sizeable health care customer base -- doesn't acknowledge any dealings it might have with Apple.

Siri has a newborn cousin, too: Nuance technology also forms the backbone for Nina, a voice-command software development kit (SDK) Nuance rolled out this week. Nuance envisions business entities such as health care providers or banks will incorporate Nina into their mobile apps. For example, a bank customer might speak "checking account balance" into their Android or iOS smartphone, and the bank's Web site could understand that command, poll the server and retrieve it.

But not all's well in Siri-land. In July, Wired reported that, afraid of letting intellectual property outside its walls, IBM banned Siri once it discovered that Apple stores data from speech queries in a North Carolina data center.

More on HIPAA compliance

How the HITECH Act updated HIPAA for the EHR era.

Health care virtualized environments complicate HIPAA compliance; here's how to do it.

A HIPAA compliant wireless network isn't an impossible dream.

Which brings the issue back to Nuance's free speech-to-text iPhone app, Dragon Dictation, which avails some of Siri's speech-to-text features to users of pre-4S iPhones. It's particularly popular among physicians, who have adopted the iPhone in droves. At trade shows like HIMSS they can be seen using, recommending and even demonstrating Dragon Dictation to each other. It performs some of the same speech-to-text functions found on the iOS's system-level tools: It can port speech to email, speech to Facebook and speech to text messages.

The free Dragon Dictation app would seem perfect for talking through patient notes and other clinical data, converting it to text and emailing it to EHR systems or work email addresses. Don't do it, said Nuance chief medical information officer Nick van Terheyden, M.D. The software isn't "medical grade" and doesn't have the HIPAA-compliant security associated with Nuance's transcription and dictation software, which is commercial software sold through health care channels.

The free Dragon Dictation app would seem perfect for talking through patient notes and other clinical data, converting it to text and emailing it to EHR systems or work email addresses. Don't do it.
Nick van Terheyden, M.D.Nuance chief medical information officer

Furthermore, in the small print of the license agreement end-users must submit in order to install the app, Nuance says that as part of the Dragon Dictation service, the company collects and uses user-generated speech data, to "tune, enhance and improve the speech recognition and other Nuance services and products." In accepting the terms and conditions of the agreement, physicians agree to Nuance collecting their speech data.

"[Dragon Dictation] doesn't contain all the necessary safeguards and security to ensure the validity of the [patient HIPAA-protected health information]," said van Terheyden. "Whilst it's good in the general business world, that's not a medical-grade application, and we didn't release it as such. The fact that physicians are showing it's useful -- interesting -- but it's really a teaser. ... It's great for testing."

Nuance doesn't store personal information gleaned through Dragon Dictation, van Terheyden said, and the company isn't "particularly interested" in reusing the data for any purpose other than to improve its speech recognition accuracy. Dragon Medical Mobile Recorder (DMMR) should be used in clinical practice instead, he said.

That iPhone app, physicians will find, is also free at the iTunes Store, but does require a back-end eScription enterprise installation with which to connect. The eScription subscriptions are a whole different animal, in which Nuance doesn't collect data for its own software development use but instead takes speech data from health care customers, transcribes it to text, and returns it to them. The company acts as a HIPAA business associate in those cases.

"[DMMR] contains all the HIPAA safeguards and security so there is no persistent data on the mobile applications, physicians have to log in, there's authentication," van Terheyden said. "They might record information that's PHI. That's secured by both encryption on the device and encryption back to our data center."

Dig Deeper on Electronic health records security compliance