Using social media is a valuable tool to bring information to a broad audience. However, healthcare providers who work with protected health information (PHI) need to make sure they aren’t violating HIPAA while using social media. Today we’re going to look at CoSchedule for HIPAA compliance.
About CoScheduleCoSchedule is a content marketing management tool. Users can schedule both blog and social media content on this platform. The company describes itself as “a family of agile marketing tools that will help you stay focused, deliver projects on time, and make your team happy.”
CoSchedule and business associate agreementsA business associate agreement (BAA) is a requirement for HIPAA compliance. The BAA is a written contract between a covered entity and a business associate . We found no information regarding BAAs on CoSchedule’s website.
PHI and CoScheduleSafeguarding patient PHI is another critical component of HIPAA compliance. PHI is any information that can be used to identify a patient and is used during patient care. No reference to PHI is listed on CoSchedule’s website. CoSchedule does state , however, that it collects both personal and non-personal information “from and about website visitors.” The company considers non-personal information to be “information that is about you but individually does not identify you.” The computer you use to access its website, information about your internet connection, and usage details fall under non-personal information. Personal information includes your name, email address, mailing address, phone number, and credit card information. The user provides some of this information, while other information is collected automatically (like IP addresses and information collected through tracking technology). If CoSchedule is sold or merges with a different company, all personal and non-personal information will be shared with that company.
ConclusionWe found no information about CoSchedule’s willingness to execute a BAA. Therefore, CoSchedule is not HIPAA compliant. Furthermore, as stated above, CoSchedule collects and uses personal and non-personal information from its users. Those who chose to use CoSchedule need to be conscious of the information they are sharing.
Using CoSchedule in a HIPAA compliant mannerCovered entities can still use CoSchedule despite not being HIPAA compliant as long as they aren’t using any PHI on social media. To stay HIPAA compliant, make sure your practice never:
- Discloses anything that could be considered PHI
- Addresses individuals or their individual health histories
- Implies information about someone’s specific health condition or distinctive medical case
- Private or direct messages any patient (even if they message you first)
- General wellness tips
- COVID-19 updates
- Information about your healthcare offerings
- Upcoming events from your practice
Add HIPAA compliant email to your communication arsenalA HIPAA compliant email solution, like Paubox Email Suite , is the easiest way to communicate with your patients directly. Paubox Email Suite integrates directly into your existing email platform (such as Google Workspace or Microsoft 365 ) and encrypts all outbound emails by default. That means no change to your email behavior. Paubox Email Suite also does not require passwords or patient email portals ; emails are delivered directly to your patient’s inbox. You focus on patient care; we’ll deliver your email securely and hassle-free.
Try Paubox Email Suite for FREE today.