Skip to the main content.
Talk to sales Start for free
Talk to sales Start for free

2 min read

Is Falcon HIPAA compliant?

Hannah Trum October 07, 2020

Email cybersecurity
Is Falcon HIPAA compliant?
Is-Falcon-HIPAA-Compliant-Paubox Social media is a valuable asset to any organization, including in healthcare. However, physicians and others who handle protected health information (PHI) must not use social media in a way that violates HIPAA.  Let’s look at Falcon for HIPAA compliance.

About Falcon

Falcon is a social media marketing platform. Features include social analytics, community engagement, and post-management.  Falcon describes itself as “a SaaS platform for social media listening, engaging, publishing, advertising, measuring, and managing customer data.” Cision Ltd , a provider of earned media software and services, owns Falcon.

 

Falcon and business associate agreements

A requirement for HIPAA compliance is a business associate agreement (BAA). A BAA is a written contract between a covered entity and a business associate .   We found no mention of BAAs on Cision’s or Falcon’s websites.

 

PHI and Falcon

Keeping PHI safe is an essential aspect of HIPAA compliance. As a reminder, PHI is any type of information that can be used to identify a patient and is used during patient care.  There is no reference to PHI on Cision’s or Falcon’s websites.  However, Cision states that it collects information from its users, through its services (including Falcon), and third parties.  Types of information collected include names, IP addresses, device types, pages viewed on the website, social media logins, contact information, and tracking information (such as cookies).  Cision or Falcon may share this information, including personal information, with subsidiaries, affiliates, service providers, and sub-contractors. Additionally, should the company be sold or acquired, Cision or Falcon may share that information with the buyer.

 

Conclusion

We found no information about Falcon’s or Cision’s willingness to execute a BAA. Therefore, Falcon is not HIPAA compliant.  Furthermore, Cision and Falcon collect information about their users. Therefore, those who choose to use Falcon should be conscious of the information shared on and with the platform.

 

How to use Falcon in a HIPAA compliant way

As long as a covered entity is not sharing any PHI , it can use Falcon in a HIPAA compliant manner.  To stay compliant, your practice must never:
  • Mention or address individuals or their health histories
  • Use or imply information about an individual’s specific health conditions 
  • Imply information about an individual’s distinctive medical case
  • Disclose anything that could be considered PHI
  • Direct or private message patients (even if they message you first)
Your practice can use social media to share general information, such as:
  • Events or news about your practice
  • General wellness tips
  • COVID-19 updates
  • Information about your practice’s offerings

 

Communicate easily with HIPAA compliant email

The easiest way to communicate directly with patients is via a HIPAA compliant email solution, like Paubox Email Suite With Paubox Email Suite, all outbound emails encrypt by default. Our solution integrates directly into your existing email platform (such a Microsoft 365 or Google Workspace ). Paubox Email Suite requires no change to your email behavior.  Paubox Email Suite requires no passwords or patient email portals as all emails are delivered directly to your patient’s inbox.
 
Try Paubox Email Suite for FREE today.
Start for free

Subscribe to Paubox Weekly

Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.