2 min read
With over 3.5 billion people projected to use social media in 2020, healthcare professionals cannot afford to ignore the power of this communication tool. However, choosing the right social media management service might not be an easy task. Especially when you need to stay HIPAA compliant. Today we are looking at Buffer .
About Buffer
Founded in 2010, Buffer is a social media management platform used to create, analyze, and publish social media posts. Buffer’s capabilities include in-depth social analytics, report building, audience insights, and more.Buffer and the business associate agreement
A business associate agreement (BAA) is a written contract between a covered entity and a business associate . It is required for HIPAA compliance. We found no information online about Buffer executing a BAA.Protected health information and Buffer
An essential part of HIPAA compliance is protecting patients’ protected health information (PHI). Any information that can be used to reasonably identify a patient and is used during patient care is PHI. Buffer offered no information about PHI on its website. We did find information on its Legal Policies and Procedures page that personal user information is collected, used, and disclosed by Buffer. By agreeing to Buffer’s terms and conditions, users agree to allow the platform to collect their personal information. Buffer also states that it may sell this personal user information. Per its Privacy Shield :Buffer may sell, transfer or otherwise share some or all of its assets, including Personal Information, in connection with a merger, acquisition, reorganization, sale of assets, or similar transaction, or in the event of insolvency or bankruptcy. You will have the opportunity to opt out of any such transfer if the new entity’s planned processing of your information differs materially from that set forth in this Privacy Policy.
The above information is another reason why Buffer is not HIPAA compliant.
Conclusion
A pivotal component of HIPAA compliance is an executed BAA. We found no information on Buffer’s willingness to sign or discuss executing a BAA. Therefore, Buffer does not offer HIPAA compliant services.Using Buffer without violating HIPAA
There are ways covered entities can utilize Buffer’s services safely, however. Using social media to nurture the patient-provider relationship is an excellent idea for healthcare professionals. You and your practice can maintain HIPAA compliance while sharing general information on social media, like general wellness tips, information about your practice, event information, and updates about COVID-19. SEE ALSO: Social Media and Email Marketing for Healthcare: A Virtuous Circle To use social media in a HIPPA compliant manner, your practice must never:- Disclose anything that could be considered PHI
- Allude to someone’s specific health condition or unique medical case
- Address individuals or their individual health histories, even if someone discloses this information willingly
- Direct or private message any patient
Simply put, steer clear of sharing anything that can be remotely considered PHI, and make sure your team completely understands social media and HIPAA compliance . Also, consider creating a HIPAA compliant social media plan to help ensure your staff is sharing information correctly.
