Paubox blog: HIPAA compliant email made easy

Is Hootsuite HIPAA compliant?

Written by Hannah Trum | November 19, 2020
Using social media is a great way to convey general information, like office closures or events, to your patients from your organization.  However, it’s crucial for covered entities to stay HIPAA compliant when utilizing social media. Let’s look at Hootsuite for HIPAA compliance.

About Hootsuite

Hootsuite is a social media management tool used to schedule posts, analyze social media data, and respond to messages. Hootsuite offers five different plans (free, professional, team, business, enterprise) and certification courses for social media professionals.

 

Hootsuite and business associate agreements

A business associate agreement (BAA) is a written contract between a covered entity and a business associate . It is required for HIPAA compliance.  We found no information online about Hootsuite executing a BAA. Additionally, we inquired with Hootsuite’s customer support team about BAAs but did not receive an answer.

 

Hootsuite and protected health information

Another critical piece of HIPAA compliance is safeguarding protected health information (PHI). PHI is any information that can be used to reasonably identify a patient and is used during patient care.  Hootsuite offered no information about PHI on its website.  However, per its privacy policy , Hootsuite collects, stores, and shares information about its users, including names, addresses, billing information, and any posts, messages, comments, or images shared or received on any connected social media profile Authorized employees and third parties, such as contractors, partners, customer organizations, or government agencies, can access this information.

 

Conclusion

A central component of HIPAA compliance is an executed BAA. We found no information on Hootsuite’s willingness to sign a BAA.  We also reached out to Hootsuite’s customer support team to inquire about BAAs but did not receive a reply.  Furthermore, Hootsuite stores and shares customer information, including what could possibly be PHI. However, according to Hootsuite’s case study, large healthcare organizations, such as Spectrum Health , utilize Hootsuite while “successfully navigating HIPAA regulations.”  Therefore, it is inconclusive if Hootsuite is HIPAA compliant.

 

Using Hootsuite without violating HIPAA

It is possible to utilize a tool like Hootsuite and maintain HIPAA compliance without a BAA. Hootsuite has even created a guide for healthcare professionals Make sure your team understands social media and HIPAA compliance . As a best practice, when using social media, your organization should never:
  • Direct or private message any patient
  • Address individuals or their individual health history (even if they disclose that information willingly)
  • Disclose anything that could be considered PHI
  • Imply or allude to someone’s specific health condition or medical case 
Additionally, Hootsuite and the Mayo Clinic have created a certification course for those who want to “use social media platforms wisely, measure their success, and communicate the value of social media for organizational and professional development.”

 

Hassle-free communication with HIPAA compliant email

Although it is a HIPAA violation to send or receive PHI via a social media management platform, using a HIPAA compliant email solution, such as Paubox Email Suite , offers a direct line of communication to your patients.  Outbound emails are encrypted by default and sent from your existing email platform (such as Google Workspace or Microsoft 365 ), so the solution does not require any change in email behavior Emails are delivered directly to a patient’s email inbox. No password or portal required .
 
Try Paubox Email Suite for FREE today.