Social media is a valuable asset to any organization, including in healthcare. However, physicians and others who handle protected health information (PHI) must not use social media in a way that violates HIPAA.
Let’s look at whether Falcon is HIPAA compliant.
Falcon is a social media marketing platform. Features include social analytics, community engagement, and post-management.
Falcon describes itself as “a SaaS platform for social media listening, engaging, publishing, advertising, measuring, and managing customer data.”
Cision Ltd, a provider of earned media software and services, owns Falcon.
Falcon and business associate agreements
We found no mention of BAAs on Cision’s or Falcon’s websites.
PHI and Falcon
Keeping PHI safe is an essential aspect of HIPAA compliance. As a reminder, PHI is any type of information that can be used to identify a patient and is used during patient care.
There is no reference to PHI on Cision’s or Falcon’s websites.
However, Cision states that it collects information from its users, through its services (including Falcon), and from third parties.
Types of information collected include names, IP addresses, device types, pages viewed on the website, social media logins, contact information, and tracking information (such as cookies).
Cision or Falcon may share this information, including personal information, with subsidiaries, affiliates, service providers, and sub-contractors. Additionally, should the company be sold or acquired, Cision or Falcon may share that information with the buyer.
We found no information about Falcon’s or Cision’s willingness to execute a BAA. Therefore, Falcon is not HIPAA compliant.
Furthermore, Cision and Falcon collect information about their users. Therefore, those who choose to use Falcon should be conscious of the information shared on and with the platform.
How to use Falcon in a HIPAA compliant way
As long as a covered entity is not sharing any PHI, it can use Falcon in a HIPAA compliant manner.
To stay compliant, your practice must never:
- Mention or address individuals or their health histories
- Use or imply information about an individual’s specific health conditions
- Imply information about an individual’s distinctive medical case
- Disclose anything that could be considered PHI
- Direct or private message patients (even if they message you first)
Your practice can use social media to share general information, such as:
- Events or news about your practice
- General wellness tips
- COVID-19 updates
- Information about your practice’s offerings
Communicate easily with HIPAA compliant email
With Paubox Email Suite, all outbound emails are encrypted by default. Our solution integrates directly into your existing email platform (such as Microsoft 365 or Google Workspace). Paubox Email Suite requires no change to your email behavior.
Paubox Email Suite requires no passwords or patient email portals as all emails are delivered directly to your patient’s inbox.