HIPAA (Health Insurance Portability & Accountability Act) is a United States law that provides a data privacy and security plan for keeping patients’ personal or protected health information (PHI) safe. SurveyRock Enterprise plan holders can secure their accounts to fulfill HIPAA requirements.
With HIPAA enabled on your account, you can safely distribute medical or health-related surveys, secure in the knowledge that the patient data is protected. Specific organizations called “covered entities” and their business associates must comply with the requirements to protect the privacy and security of health information.
The legislation contains several sections, including one related to security. After your account has been HIPAA-enabled, each of these technical safeguards will be in effect:
- Network encryption – Any electronic PHI is encrypted to meet NIST cryptographic standards any time it is transmitted over an external network.
- Control access – Each user is assigned a centrally-controlled unique username and password to access the systems.
- Control activity audits – We offer detailed logging to track all PHI access attempts and to monitor how PHI data is manipulated.
- Enable automatic logoff – Users must be logged out after a certain set time frame. We have set this to 30 minutes of inactivity.
When you work with a HIPAA-enabled account, we offer several security tips to remind you that you might be dealing with sensitive PHI at the following times:
- Exporting survey data – If you download survey results to your computer that might contain protected health information, be sure to use every appropriate measure to safeguard the data.
- Viewing individual survey results – When you look at the data of individual survey respondents containing PHI, make sure that only authorized personnel can see your screen.
- Public survey results – We give you the option to share survey results information with others but recommend turning off this function when working with PHI.
- Survey sharing – If you give others within your team or company access to your surveys, be sure that they understand they might be working with PHI.
Please note that once your account has been enabled for HIPAA, it cannot be disabled. In order to ensure the safety and security of any protected health information, HIPAA accounts cannot be downgraded, only removed when no longer needed.