Social media is everywhere you look, making it an extremely convenient way to share updates with your network. Healthcare professionals who chose to use social media within their practice need to keep patient information safeguarded.
Today we will look at Edgar, a popular social media management platform, for HIPAA compliance.
Edgar is a social media scheduling, management, and learning tool created by the company MeetEdgar in 2014.
Edgar’s benefits include an unlimited personal content library, A/B testing, and live office hours with the opportunity to ask Team Edgar social media questions.
Business associate agreement and Edgar
No information was found online about Edgar executing a BAA.
Protected health information and Edgar
Another critical part of HIPAA compliance is safeguarding patients’ protected health information (PHI) from data breaches. PHI is any information that can be used to identify a patient reasonably and is used during patient care.
There is no information about PHI on Edgar’s website.
However, MeetEdgar does state that the company collects information from the account holder. This includes personal information such as a name, email address, and IP address. Edgar also collects company information such as social media logins and any information processed on the platform.
MeetEdgar also states that this information will never be sold or shared unless the company or application is acquired. Should that happen, the collected data will be transferred to the acquiring parties.
We found no information on MeetEdgar’s willingness to execute a BAA. Because of this, Edgar does not offer HIPAA compliant services.
Remember, an executed BAA is a pivotal part of HIPAA compliance.
Using Edgar in a HIPAA compliant manner
Although Edgar is not HIPAA compliant, covered entities can still use MeetEdgar’s services. Healthcare providers need to make sure they are using this service safely, though.
Healthcare providers must avoid sharing sensitive information on any social media platform.
To stay HIPAA compliant, make sure your practice never:
- Discloses anything that could be considered PHI
- Addresses individuals or their individual health histories
- Implies information about someone’s specific health condition or distinctive medical case
- Private or direct messages any patient (even if they message you first)
Healthcare providers can use social media to share:
- General wellness tips
- COVID-19 updates
- Information about your practice
- Upcoming events from your practice
Most importantly, make sure your team understands social media and HIPAA compliance.
Expand your patient communication with HIPAA compliant email
While it is not possible to send PHI via a social media management platform in a HIPAA compliant manner, it is possible to directly communicate with your patients with a HIPAA compliant email solution, like Paubox Email Suite.
With Paubox Email Suite, outbound emails are encrypted by default and sent from your existing email platform (such as Google Workspace or Microsoft 365). Our solution requires no change in your user behavior.
Emails are delivered directly to a patient’s email inbox; no password or portal is required.
Your patients will never have to worry about logging into and out of an email portal again.