Especially when you need to stay HIPAA compliant. Today we are looking at Buffer.
Founded in 2010, Buffer is a social media management platform used to create, analyze, and publish social media posts.
Buffer’s capabilities include in-depth social analytics, report building, audience insights, and more.
A business associate agreement (BAA) is a written contract between a covered entity and a business associate. It is required for HIPAA compliance. We found no information online about Buffer executing a BAA.
An essential part of HIPAA compliance is protecting patients’ protected health information (PHI). Any information that can be used to reasonably identify a patient and is used during patient care is PHI. Buffer offered no information about PHI on its website. We did find information on its Legal Policies and Procedures page that personal user information is collected, used, and disclosed by Buffer. By agreeing to Buffer’s terms and conditions, users agree to allow the platform to collect their personal information. Buffer also states that it may sell this personal user information. Per its Privacy Shield:
Buffer may sell, transfer or otherwise share some or all of its assets, including Personal Information, in connection with a merger, acquisition, reorganization, sale of assets, or similar transaction, or in the event of insolvency or bankruptcy. You will have the opportunity to opt out of any such transfer if the new entity’s planned processing of your information differs materially from that set forth in this Privacy Policy.
The above information is another reason why Buffer is not HIPAA compliant.
A pivotal component of HIPAA compliance is an executed BAA. We found no information on Buffer’s willingness to sign or discuss executing a BAA. Therefore, Buffer does not offer HIPAA compliant services.
There are ways covered entities can utilize Buffer’s services safely, however. Using social media to nurture the patient-provider relationship is an excellent idea for healthcare professionals.
You and your practice can maintain HIPAA compliance while sharing general information on social media, like general wellness tips, information about your practice, event information, and updates about COVID-19.
To use social media in a HIPAA compliant manner, your practice must never:
Simply put, steer clear of sharing anything that can be remotely considered PHI, and make sure your team completely understands social media and HIPAA compliance. Also, consider creating a HIPAA compliant social media plan to help ensure your staff is sharing information correctly.
Sending PHI via a social media management platform might not be possible, but direct communication with your patients via a HIPAA compliant email solution, like Paubox Email Suite, is.
Outbound emails are encrypted by default and sent from your existing email platform (such as Google Workspace or Microsoft 365), so the solution does not require any change in user behavior. Emails are delivered directly to a patient’s email inbox; no password or portal is required. Your patients will never have to worry about logging into and out of an email portal again.
Try Paubox Email Suite for FREE today.