HIPAA and Safe Harbor Certifications
SurveyGizmo is happy to announce that we now have HIPAA and Safe Harbor certifications. If you have never heard of these, you could probably stop reading here, but some of our customers (or wannabe customers) have been asking us for this. These are two forms of personal information protection. HIPAA is a US law regarding health information, and Safe Harbor is a US Department of Commerce program to help businesses comply with EU privacy laws. Some of you might find it interesting that most of our competitors offering online surveys do not have HIPAA certification, and some don’t have Safe Harbor either, so we’re happy to help.
Safe Harbor
In 1998, the European Union Commission’s Directive on Data Protection went into effect and created a set of stringent privacy guidelines for the protection of personal data. It also prohibited the transfer of personal data to non-European Union nations that do not follow those guidelines. In other words, our EU friends might not have been able to use SurveyGizmo to get their burning questions answered. In steps Safe Harbor registration, which bridges the gap between US and EU privacy laws. By meeting the Safe Harbor guidelines, we can all get along. The really good news is that SurveyGizmo had already met or exceeded these privacy guidelines, and now we have gone through the process of being able to say so.
HIPAA
HIPAA, or the Health Insurance Portability and Accountability Act of 1996, is a US federal law that establishes standards for the privacy and security of health information. SurveyGizmo had already abided by the spirit of these protections, but we are now all read up, quizzed up, and self-certified in both the HIPAA Privacy Rule and the Security Rule provisions. This means we meet the guidelines from a privacy perspective (we don’t share your data - ’nuff said) and a security perspective (we protect it and keep it private).
We fall under what is known as a “Business Associate,” meaning that we are not the actual entity collecting the PHI (Protected Health Information, in HIPAA-speak), but we service the organizations that do. We used the free and truly wonderful resource from the University of Miami School of Medicine, The Privacy / Data Protection Project. It’s full of tons of useful documentation, but they must believe, like we do, that there is no reason you can’t have some fun while doing some serious learning. Here is one of their quiz answer explanations:
4. Which of these is the most important goal of the Security Rule?
A. Confidentiality of health data.
B. Integrity of health data.
C. Availability of health data.
D. All are important; it is difficult to say which is most important.
ANSWER:
D is correct. And we don’t care what anyone else says.
HIPAA Business Associate Contract
For those of you who need it, we now have a HIPAA business associate agreement for download. If your policies require you to have agreements with your IT providers, please download the form and contact us to put it in place.
Data Destruction & Privacy Configuration
Sometimes users have specific needs under Safe Harbor, HIPAA, or another institutional or state requirement. For instance, occasionally data needs to be completely destroyed after its intended use. If this is the case, let us know and we will help you out. In many cases, when some form of data is deleted in SurveyGizmo, it is retired and locked away rather than actually destroyed. In most cases this makes the loss retrievable in the event of a mistake (we can’t tell you how many times we’ve had calls that start with “Oh my god, I accidentally…”). We can, however, comply with a request for total data destruction; you just need to let us know.
Also, in an effort to provide our customers with valuable information, we record a lot of tracking information such as IP address, which can be considered personally identifiable information. If your needs require a custom configuration because of privacy concerns unique to your situation, let us know and we’ll see what we can do.
Respecting privacy is just good business and we aim to be the best at it.
If you have questions, feel free to contribute a discussion in the comments here, email us, or give us a call at 800-609-6480. We’re here to help.
Badges for Use in Your Survey
At the request of customers, here are graphic “badges” you can place in your survey, email or web page to showcase your compliance. Click the image to view it, then drag to your desktop, or use the HTML code to add it to your survey template or web page.
<img src="http://www.surveygizmo.com/wp-content/uploads/2008/02/safeharbor.gif" alt="Safe Harbor Certified"/>
<img src="http://www.surveygizmo.com/wp-content/uploads/2008/02/hippa.gif" alt="HIPAA Certified"/>
5 Comments
[…] for the privacy and security of health information. Once again SurveyGizmo already abided by the spirit of these protections, but is now all read up, quizzed up, and self-certified in both the HIPAA Privacy Rule and the […]
For useful resources like policies, training, and articles for business associates and covered entities, you can also go to http://www.compliancehome.com/resources/HIPAA/
Where can I get badges for all of these certs, to display on my survey?
thx
Hi Johny,
That was a great idea about the badges so we have added them to this page.
Thanks!
Scott