SurveyMonkey.com - The best thing since the opposable thumb!Help Center

Is your survey system compliant with HIPAA standards?

HIPAA compliance applies to the organization or entity as a whole, and includes measures for:

  1. Standardization of electronic patient health, administrative and financial data.
  2. Unique health identifiers for individuals, employers, health plans and health care providers.
  3. Security standards protecting the confidentiality and integrity of "individually identifiable health information," past, present or future.

To learn more about HIPAA policies and standards, please visit their website at the following: http://www.hhs.gov/ocr/hipaa/ 

 

HIPAA & SurveyMonkey 

SurveyMonkey does not have specific documentation in regards to SurveyMonkey being HIPAA compliant. The following information may help you to assess whether or not this is compliant with the HIPAA regulations required by your organization.

 

Information Collection:

  • We will not use the information collected from your surveys in any way, shape, or form. 
  • Any other material you provide us (including images, email addresses, etc.) will be held in the strictest confidence. 
  • We do not collect personally identifiable information about you except when you specifically provide this information on a voluntary basis. We will make every effort to ensure that whatever information you provide will be maintained in a secure environment. However, even if you opt out of receiving any communications from SurveyMonkey, we reserve the right to contact you regarding your account status or any other matter that might affect our service to you and/or our records on you. 

 

Information Use:

SurveyMonkey reserves the right to perform statistical analysis of user behavior and characteristics. We do this in order to measure interest in and use of the various areas of the website. 

  • SurveyMonkey collects IP addresses for system administration and record keeping. Your IP address is automatically assigned to your computer when you use the World Wide Web. 
  • Our servers record incoming IP addresses. 
  • The IP addresses are analyzed only in aggregate; no connection is made between you and your computer's IP address. 
  • By tracking IP addresses, we can determine which sites refer the most people to SurveyMonkey. (Think of an IP address like your zip code; it tells us in general terms where you're from.) 

 

Cookies:

"Cookies" are small text files a website can use to recognize repeat users.

  • SurveyMonkey uses cookies to recognize visitors and more quickly provide personalized content or grant you unimpeded access to the website. 
  • With cookies enabled, you will not need to fill in password or contact information. 
  • Information gathered through cookies also helps us measure use of our website. Cookie data allows us to track usage behavior and compile data that we can use to improve the site. 
  • This data will be used in aggregate form; no specific users will be tracked. Generally, cookies work by assigning a unique number to the user that has no meaning outside of the Web site that he or she is visiting. 
  • You can easily turn off cookies. Most browsers have a feature that allows the user to refuse cookies or issues a warning when cookies are being sent. However, our site will not function properly without cookies. Enabling cookies ensures a smooth, efficient visit to our website. 

 

Opting Out:

Upon request, SurveyMonkey will allow any user to opt out of our monthly newsletter. Also, upon your request, SurveyMonkey will delete you and your personal information from our database; however, it may be impossible to delete all of your information without some residual data because of backups and records of deletions.

For more information regarding opting out of any mailing from SurveyMonkey, please visit our Help Center.

 

Safe Harbor and EU Data Protection Requirements:

We have met the Safe Harbor requirements on 11/29/2004 02:29:37 PM SurveyMonkey has been placed on the Safe Harbor list of companies accordingly.

This list can be found at: http://web.ita.doc.gov/safeharbor/SHList.nsf/WebPages/Oregon.

 

General Security Policy:

SurveyMonkey is aware of your privacy concerns and strives to collect only as much data as is required to make your SurveyMonkey experience as efficient and satisfying as possible, in the most unobtrusive manner as possible. The foregoing policies are effective as of April 4, 2000. SurveyMonkey reserves the right to change this policy at any time by notifying users of the existence of a new privacy statement. This statement and the policies outlined herein are not intended to and do not create any contractual or other legal rights in or on behalf of any party.

 

SSL Encryption: 

We do offer SSL encryption for Professional accounts. With SSL encryption purchased, you will be able to do the following:

  • Send encrypted survey links to your audience. The survey link and survey pages will be encrypted during transmission from your account to your respondents. Their responses will be encrypted as they are delivered back into the Analyze section of your account. 
  • Requested exports will be delivered to your computer in an encrypted format
star.gif We offer the following level of encryption: Verisign certificate Version 3, 128 bit encryption

A survey link with SSL encryption will show the 's' in the 'http' URL address. It will appear as:

https://www.surveymonkey.com/s.aspx?sm=D4aI4ZVWg3ql1CfP9d1z1Q_3d_3d

This is commonly used for online banking sites or sites that transmit secured information. In order to stay in compliance with HIPAA regulations, we recommend that SSL encryption be purchased for your subscription.

The cost is an additional $9.95 per month for monthly accounts, $29.85 per quarter, or $100 with the annual subscription.

You can choose to add SSL encryption to the account during the upgrade process. If you need to add the encryption after you have upgraded the account, you can send that request into our email support center. We can add it onto the account for you.