There are three requirements to be HIPAA compliant while using SurveyGizmo:
- A signed copy of our Business Associate Agreement (BAA). Customers should contact us to sign a BAA.
- Project Data Encryption
  - Enabling project data encryption may slow survey building performance.
  - Encryption is applied on a per-survey basis and must be enabled for each individual survey.
- Secure SSL links to your surveys
Because of the many advanced features of SurveyGizmo, the evolving nature of our customers' ingenious uses of our platform, and our own agile software development, some features could potentially lead to HIPAA issues. Depending on your usage, features not listed here may also cause concern. Reach out to us if you have any concerns.
- Email Actions - Data sent with Email Actions is not encrypted.
- File Library - Data is not encrypted in the File Library.
- Third-Party Integrations (e.g., Google Spreadsheet, Salesforce, etc.) - Data transfers via Third-Party Integrations are secure and encrypted. Before setting up integrations, we recommend checking with the third-party service provider to ensure that data is encrypted at rest.
Deleting Response Data
Visit our Permanently Delete Data help article for instructions on deleting survey response data that contains PHI, whether it was encrypted or unencrypted. It's a best practice for your HIPAA compliance to make sure that your PHI data is stored in as few places as possible!
If you or your compliance team have any HIPAA questions about an advanced or not-so-advanced use of a SurveyGizmo feature, get in touch with us. We're here to help and we love hearing from you!
For more information on HIPAA and SurveyGizmo, visit our Privacy page.