Skip to the main content.
Talk to sales Start for free
Talk to sales Start for free

2 min read

Is Buffer HIPAA compliant?

Is Buffer HIPAA compliant?

Is-Buffer-HIPAA-Compliant-Paubox With over 3.5 billion people projected to use social media in 2020, healthcare professionals cannot afford to ignore the power of this communication tool.  However, choosing the right social media management service might not be an easy task.

Especially when you need to stay HIPAA compliant. Today we are looking at Buffer .

About Buffer

Founded in 2010, Buffer is a social media management platform used to create, analyze, and publish social media posts.  

Buffer’s capabilities include in-depth social analytics, report building, audience insights, and more.

 

Buffer and the business associate agreement

A business associate agreement (BAA) is a written contract between a covered entity and a business associate . It is required for HIPAA compliance.  We found no information online about Buffer executing a BAA.

 

Protected health information and Buffer

An essential part of HIPAA compliance is protecting patients’ protected health information (PHI). Any information that can be used to reasonably identify a patient and is used during patient care is PHI. Buffer offered no information about PHI on its website.  We did find information on its Legal Policies and Procedures page that personal user information is collected, used, and disclosed by Buffer. By agreeing to Buffer’s terms and conditions, users agree to allow the platform to collect their personal information.  Buffer also states that it may sell this personal user information.  Per its Privacy Shield :


Buffer may sell, transfer or otherwise share some or all of its assets, including Personal Information, in connection with a merger, acquisition, reorganization, sale of assets, or similar transaction, or in the event of insolvency or bankruptcy. You will have the opportunity to opt out of any such transfer if the new entity’s planned processing of your information differs materially from that set forth in this Privacy Policy.

The above information is another reason why Buffer is not HIPAA compliant. 

 

Conclusion

A pivotal component of HIPAA compliance is an executed BAA.  We found no information on Buffer’s willingness to sign or discuss executing a BAA. Therefore, Buffer does not offer HIPAA compliant services.

 

Using Buffer without violating HIPAA

There are ways covered entities can utilize Buffer’s services safely, however.   Using social media to nurture the patient-provider relationship is an excellent idea for healthcare professionals.

You and your practice can maintain HIPAA compliance while sharing general information on social media, like general wellness tips, information about your practice, event information, and updates about COVID-19.  SEE ALSO: Social Media and Email Marketing for Healthcare: A Virtuous Circle To use social media in a HIPAA compliant manner, your practice must never:

  • Disclose anything that could be considered PHI
  • Allude to someone’s specific health condition or unique medical case
  • Address individuals or their individual health histories, even if someone discloses this information willingly 
  • Direct or private message any patient

 

Simply put, steer clear of sharing anything that can be remotely considered PHI, and make sure your team completely understands social media and HIPAA compliance Also, consider creating a HIPAA compliant social media plan to help ensure your staff is sharing information correctly.

 

Complement social media with HIPAA compliant email

Sending PHI via a social media management platform might not be possible, but direct communication with your patients via a HIPAA compliant email solution, like Paubox Email Suite , is. 

Outbound emails are encrypted by default and sent from your existing email platform (such as Google Workspace  or Microsoft 365 ), so the solution does not require any change in user behavior.  Emails are delivered directly to a patient’s email inbox; no password or portal is required.  Your patients will never have to worry about logging into and out of an email portal again.

Try Paubox Email Suite for FREE today.

Subscribe to Paubox Weekly

Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.