Is CoSchedule HIPAA compliant?


Social media is a valuable tool for bringing information to a broad audience. However, healthcare providers who work with protected health information (PHI) need to make sure they aren’t violating HIPAA while using it.

Today we’re going to look at CoSchedule for HIPAA compliance.

About CoSchedule

CoSchedule is a content marketing management tool. Users can schedule both blog and social media content on this platform. 

The company describes itself as “a family of agile marketing tools that will help you stay focused, deliver projects on time, and make your team happy.”

CoSchedule and business associate agreements

A business associate agreement (BAA) is a requirement for HIPAA compliance. The BAA is a written contract between a covered entity and a business associate.

We found no information regarding BAAs on CoSchedule’s website.

PHI and CoSchedule

Safeguarding patient PHI is another critical component of HIPAA compliance. PHI is any information that can be used to identify a patient and is used during patient care. 

No reference to PHI is listed on CoSchedule’s website. 

CoSchedule does state, however, that it collects both personal and non-personal information “from and about website visitors.” 

The company considers non-personal information to be “information that is about you but individually does not identify you.” The computer you use to access its website, information about your internet connection, and usage details fall under non-personal information. 

Personal information includes your name, email address, mailing address, phone number, and credit card information. The user provides some of this information, while other information is collected automatically (like IP addresses and information collected through tracking technology). 

If CoSchedule is sold or merges with a different company, all personal and non-personal information will be shared with that company.

Conclusion

We found no information about CoSchedule’s willingness to execute a BAA. Therefore, CoSchedule is not HIPAA compliant. 

Furthermore, as stated above, CoSchedule collects and uses personal and non-personal information from its users. Those who choose to use CoSchedule need to be conscious of the information they are sharing.

Using CoSchedule in a HIPAA compliant manner

Covered entities can still use CoSchedule, even though it is not HIPAA compliant, as long as they aren’t using any PHI on social media.

To stay HIPAA compliant, make sure your practice never:

  • Discloses anything that could be considered PHI
  • Addresses individuals or their individual health histories 
  • Implies information about someone’s specific health condition or distinctive medical case
  • Private or direct messages any patient (even if they message you first) 

Healthcare providers can use social media to share general information, such as:

  • General wellness tips
  • COVID-19 updates
  • Information about your healthcare offerings
  • Upcoming events from your practice 

SEE ALSO: Social Media & HIPAA Compliance: The Ultimate Guide

Add HIPAA compliant email to your communication arsenal

A HIPAA compliant email solution, like Paubox Email Suite, is the easiest way to communicate with your patients directly. 

Paubox Email Suite integrates directly into your existing email platform (such as Google Workspace or Microsoft 365) and encrypts all outbound emails by default. That means no change to your email behavior.

Paubox Email Suite also does not require passwords or patient email portals; emails are delivered directly to your patient’s inbox. 

You focus on patient care; we’ll deliver your email securely and hassle-free.

Try Paubox Email Suite for FREE today.

About the author

Hannah Trum
