by Sara Nguyen
Article filed in
The best HIPAA compliant social media tools (and which to avoid)
by Sara Nguyen
Social media tools are a great way to manage social media posts, respond to messages, and analyze audience data. Healthcare professionals should take care though that they are using social media tools in a way that is compliant with HIPAA security rules.
In this ultimate guide, we’ll cover what you need to know about social media tools and HIPAA compliance.
Social media tools and HIPAA compliance
Covered entities have a duty to use social media in a HIPAA compliant manner. There are some steps to take to ensure that you use social media tools properly. Some of these steps can include:
- Employee training on the proper use of protected health information (PHI)
- Don’t share or allude to specific patient cases or medical history
- Use broad language to refer to all patients and not specific individuals
- Don’t send messages to patients – consider using HIPAA compliant email instead
The biggest concern with social media compliance is to ensure PHI is never shared on these platforms as they tend to not be HIPAA compliant.
Many healthcare professionals use social media tools to accomplish tasks like scheduling social media posts or analyzing their audience. But can this be done in a HIPAA compliant manner? Let’s review some popular social media tools and their ability to be in compliance with HIPAA security standards.
Buffer is a popular social media management tool that is used to publish social media posts and provide in-depth social analytics. This platform doesn’t provide a business associate agreement (BAA) and doesn’t seem to have the proper safeguards to protect personal data. Buffer is not HIPAA compliant.
CoSchedule helps manage blog and social media content. However, it doesn’t appear that it is willing to sign a BAA or have safeguards in place to protect any PHI it may come into contact with on social media. Therefore, CoSchedule is not HIPAA compliant.
Hootsuite is used to schedule social media posts, analyze data, and respond to messages. While it may not sign a BAA, Hootsuite does provide a case study of a large healthcare organization that uses the social media management tool while “successfully navigating HIPAA regulations”. It’s inconclusive if Hootsuite is HIPAA compliant.
Revive Old Post
Revive Old Post is a WordPress plug-in that automatically shares website content to social media platforms. This plug-in has some security concerns like sharing data with other third-party vendors, on top of an unwillingness to participate in a BAA. Revive Old Post is not HIPAA compliant.
SharedCount is an API tool that allows you to view website engagement data. Social media analytics is crucial to determining the success of your social media plan. While SharedCount only has limited access to your data, it’s not willing to sign a BAA. This makes SharedCount not HIPAA compliant.
SproutSocial is one of the most popular social media tools in the market. It has a variety of uses including scheduling posts, analyzing data, and responding to messages. SproutSocial doesn’t mention it is willing to sign a BAA and may not have the proper safeguards in place to protect PHI. SproutSocial isn’t HIPAA compliant.
What are the best social media tools?
Hootsuite is the only social media tool that is inconclusive about its HIPAA compliance. The rest of the social media tools aren’t considered HIPAA compliant because they won’t participate in a BAA.
However, it’s still possible for covered entities to use social media tools without violating HIPAA regulations.
How to use social media tools without violating HIPAA
Social media can be a great place to foster relationships with your patients, but healthcare professionals need to ensure that they aren’t taking any action that could violate HIPAA.
The key to using social media tools is to not share PHI in any way. This can include:
- Direct or private messages to patients
- Disclosing PHI like names
- Discussing individuals and their medical history
However, there are plenty of ways to use social media as a marketing tool for your organization without jeopardizing HIPAA security.
Creating a social media plan will help you and your employees take proactive steps to only share information that is HIPAA compliant. Your healthcare organization can share general information like:
- Health and wellness tips
- COVID-19 updates
- Updates on your organization
- Promote community events
Keep all of your online communications secure
Online communication with your patients needs to have the proper safeguards to protect any PHI that is transmitted. Paubox Email Suite is an HIPAA compliant email solution to easily communicate with your patients directly in their inbox.
Paubox is easy for your employees to use since it requires no change in email behavior. It seamlessly integrates with your existing email provider (like Google Workspace or Microsoft 365) and automatically sends all emails with encryption to protect your data.
Paubox includes a BAA in every plan, so you can go back to focusing on patient care while we deliver your email securely.