Using social media is a great way for your organization to convey general information, like office closures or events, to your patients. However, it's crucial for covered entities to stay HIPAA compliant when utilizing social media. Let's look at Hootsuite for HIPAA compliance.
About Hootsuite

Hootsuite is a social media management tool used to schedule posts, analyze social media data, and respond to messages. Hootsuite offers five different plans (free, professional, team, business, enterprise) and certification courses for social media professionals.
Hootsuite and business associate agreements

A business associate agreement (BAA) is a written contract between a covered entity and a business associate. It is required for HIPAA compliance. We found no information online about Hootsuite executing a BAA. Additionally, we inquired with Hootsuite's customer support team about BAAs but did not receive an answer.
Conclusion

A central component of HIPAA compliance is an executed BAA. We found no information on Hootsuite's willingness to sign a BAA. We also reached out to Hootsuite's customer support team to inquire about BAAs but did not receive a reply. Furthermore, Hootsuite stores and shares customer information, including what could possibly be PHI. However, according to Hootsuite's case study, large healthcare organizations, such as Spectrum Health, utilize Hootsuite while "successfully navigating HIPAA regulations." Therefore, it is inconclusive if Hootsuite is HIPAA compliant.
Using Hootsuite without violating HIPAA

It is possible to utilize a tool like Hootsuite and maintain HIPAA compliance without a BAA. Hootsuite has even created a guide for healthcare professionals. Make sure your team understands social media and HIPAA compliance. As a best practice, when using social media, your organization should never:
- Direct or private message any patient
- Address individuals or their individual health history (even if they disclose that information willingly)
- Disclose anything that could be considered PHI
- Imply or allude to someone’s specific health condition or medical case
Hassle-free communication with HIPAA compliant email

Although it is a HIPAA violation to send or receive PHI via a social media management platform, using a HIPAA compliant email solution, such as Paubox Email Suite, offers a direct line of communication to your patients. Outbound emails are encrypted by default and sent from your existing email platform (such as Google Workspace or Microsoft 365), so the solution does not require any change in email behavior. Emails are delivered directly to a patient's email inbox. No password or portal required.
Try Paubox Email Suite for FREE today.