Is Buffer HIPAA compliant?


With over 3.5 billion people projected to use social media in 2020, healthcare professionals cannot afford to ignore the power of this communication tool. 

However, choosing the right social media management service might not be an easy task, especially when you need to stay HIPAA compliant.

Today we are looking at Buffer.

About Buffer

Founded in 2010, Buffer is a social media management platform used to create, analyze, and publish social media posts.  

Buffer’s capabilities include in-depth social analytics, report building, audience insights, and more.

Buffer and the business associate agreement

A business associate agreement (BAA) is a written contract between a covered entity and a business associate. It is required for HIPAA compliance. 

We found no information online about Buffer executing a BAA.

Protected health information and Buffer

An essential part of HIPAA compliance is protecting patients’ protected health information (PHI). Any information that can be used to reasonably identify a patient and is used during patient care is PHI.

Buffer offered no information about PHI on its website. 

We did find information on its Legal Policies and Procedures page that personal user information is collected, used, and disclosed by Buffer. By agreeing to Buffer’s terms and conditions, users agree to allow the platform to collect their personal information. 

Buffer also states that it may sell this personal user information. 

Per its Privacy Shield:


Buffer may sell, transfer or otherwise share some or all of its assets, including Personal Information, in connection with a merger, acquisition, reorganization, sale of assets, or similar transaction, or in the event of insolvency or bankruptcy. You will have the opportunity to opt out of any such transfer if the new entity’s planned processing of your information differs materially from that set forth in this Privacy Policy.


The above information is another reason why Buffer is not HIPAA compliant. 

Conclusion

A pivotal component of HIPAA compliance is an executed BAA. 

We found no information on Buffer’s willingness to sign or discuss executing a BAA. Therefore, Buffer does not offer HIPAA compliant services.

Using Buffer without violating HIPAA

There are ways covered entities can utilize Buffer’s services safely, however.  

Using social media to nurture the patient-provider relationship is an excellent idea for healthcare professionals. You and your practice can maintain HIPAA compliance while sharing general information on social media, like general wellness tips, information about your practice, event information, and updates about COVID-19. 

SEE ALSO: Social Media and Email Marketing for Healthcare: A Virtuous Circle

To use social media in a HIPAA compliant manner, your practice must never:

  • Disclose anything that could be considered PHI
  • Allude to someone’s specific health condition or unique medical case
  • Address individuals or their individual health histories, even if someone discloses this information willingly 
  • Direct or private message any patient

Simply put, steer clear of sharing anything that can be remotely considered PHI, and make sure your team completely understands social media and HIPAA compliance.

Also, consider creating a HIPAA compliant social media plan to help ensure your staff is sharing information correctly.

Complement social media with HIPAA compliant email

Sending PHI via a social media management platform might not be possible, but direct communication with your patients via a HIPAA compliant email solution, like Paubox Email Suite, is. 

Outbound emails are encrypted by default and sent from your existing email platform (such as Google Workspace or Microsoft 365), so the solution does not require any change in user behavior. 

Emails are delivered directly to a patient’s email inbox; no password or portal is required. 

Your patients will never have to worry about logging into and out of an email portal again.

Try Paubox Email Suite for FREE today.

About the author

Hannah Trum
