HIPAA compliance at SurveyMonkey

SurveyMonkey gives anyone in your organization the ability to create surveys while allowing your organization to own its data, manage users, and simplify billing for multiple accounts. HIPAA-compliant features are available to customers to give them an additional way to safeguard the security of protected health information they collect through online surveys. SurveyMonkey maintains appropriate administrative, physical, and technical safeguards to provide for the continuing security of your PHI.

Due to concerns around privacy of information, the Health Insurance Portability and Accountability Act (HIPAA) became law in 1996, enacting strict rules around the protection of health information. Because HIPAA violations are taken very seriously by the government and often result in hefty fines, HIPAA-compliant surveys can help your organization function smoothly.

Thanks to SurveyMonkey’s HIPAA-compliant security features, Enterprise customers can feel confident that their surveys will comply with HIPAA requirements.

Our standard business associate agreement (BAA) meets the requirements of HIPAA, making it easy for covered entities to bring SurveyMonkey on board as a business associate and to enable HIPAA-compliant features on their SurveyMonkey account.

Customers can preview and sign a BAA in My Account.

Different types of covered entities use surveys for different purposes. Examples include:

  • Improve your performance by collecting patient feedback securely
  • Limit the risk of PHI breach when gathering patient registration information
  • Conduct CAHPS surveys discreetly and confidently
  • Simplify medical research with pre-populated questions
  • Reduce survey risk on mobile devices with SSL/TLS encryption
  • Reliably collect data for healthcare accreditation
  • Obtain actionable insights on patient and hospital safety culture securely

In addition to ensuring we fulfill our duties as a business associate, we designed additional safeguard features for our HIPAA-enabled accounts to help covered entities comply with their own HIPAA obligations.

  • Prevent inappropriate access to sensitive information with automatic logout after idle
  • Understand who is accessing company health information with activity account logs
  • Take action when personal health information is shared thanks to PHI Share alerts
  • Enter into a BAA for maximum compliance and accreditation

Now, anyone with an Enterprise plan can enable HIPAA-compliant features on their account at an additional cost. It’s easy to get set up:

  1. Upgrade to Enterprise.
  2. Enter into a Business Associate Agreement.
  3. We’ll turn on additional privacy safeguards compliant with HIPAA security requirements.

Visit our HIPAA FAQ, or feel free to contact us with any questions you have about our product features or how we can help you comply with HIPAA’s requirements.

To learn more about HIPAA, visit the Department of Health and Human Services’ website: http://www.hhs.gov/ocr/hipaa/.
