HIPAA compliance at SurveyMonkey
SurveyMonkey & HIPAA
SurveyMonkey gives anyone in your organization the ability to create surveys while allowing your organization to own its data, manage users, and simplify billing for multiple accounts. HIPAA-compliant features are available to customers to give them an additional way to safeguard the security of protected health information they collect through online surveys. SurveyMonkey maintains appropriate administrative, physical, and technical safeguards to provide for the continuing security of your PHI.
Why HIPAA security is important
Due to concerns around privacy of information, the Health Insurance Portability and Accountability Act (HIPAA) became law in 1996, enacting strict rules around the protection of health information. Because HIPAA violations are taken very seriously by the government, and often result in hefty fines, HIPAA compliant surveys can help your organization function smoothly.
Thanks to SurveyMonkey’s HIPAA compliant security features, Enterprise customers can feel confident that their surveys will comply with HIPAA requirements.
SurveyMonkey as a business associate
Our standard business associate agreement (BAA) meets the requirement of HIPAA, making it easy for covered entities to bring SurveyMonkey on board as a business associate and to enable HIPAA-compliant features on their SurveyMonkey account.
Customers can preview and sign a BAA in My Account. For more detailed instructions, click here.
HIPAA compliance for every healthcare organization
Different types of covered entities use surveys for different purposes. Examples include:
- Improve your performance by collecting patient feedback securely
- Limit the risk of PHI breach when gathering patient registration information
- Conduct CAHPS surveys discreetly and confidently
- Simplify medical research with pre-populated questions
- Reduce survey risk on mobile devices with SSL/TLS encryption
- Reliably collect data for healthcare accreditation
- Obtain actionable insights on patient and hospital safety culture securely
In addition to ensuring we fulfill our duties as a business associate, we designed additional safeguard features for our HIPAA-enabled accounts to help covered entities comply with their own HIPAA obligations.
- Prevent inappropriate access to sensitive information with automatic logout after idle
- Understand who is accessing company health information with activity account logs
- Take action when personal health information is shared thanks to PHI Share alerts
- Enter into a BAA for maximum appliance and accreditation
Conduct online surveys while complying with HIPAA
Now, anyone with an Enterprise plan can enable HIPAA-compliant features on their account at an additional cost. It’s easy to get set up:
- Upgrade to Enterprise.
- Enter into a Business Associate Agreement.
- We’ll turn on additional privacy safeguards compliant with HIPAA security requirements.
Questions?
Visit our HIPAA FAQ, or feel free to contact us with any questions you have about our product features or how we can help you comply with HIPAA’s requirements.
To learn more about HIPAA, visit the Department of Health and Human Services’ website: http://www.hhs.gov/ocr/hipaa/.