HIPAA and Safe Harbor Certifications

Posted by 6 Responses Filed in: Survey Best Practices, SurveyGizmo News

SurveyGizmo is happy to announce that we have HIPAA and Safe Harbor certifications. If you have never heard of these, you could probably stop reading here, but some of our customers (or wannabe customers) have been urging us to get them. These are two forms of personal information protection. HIPAA is a US law regarding health information, and Safe Harbor is a US Department of Commerce program to help businesses comply with EU privacy laws. Some of you might find it interesting that most of our competitors offering online surveys do not have HIPAA certification and some don’t have Safe Harbor either, so we’re happy to help.

Safe Harbor

In 1998, the European Union Commission’s Directive on Data Protection went into effect and basically created a set of stringent privacy guidelines for the protection of personal data. It also prohibited the transfer of personal data to non-European Union nations that do not follow those guidelines. In other words, our EU friends might not have been able to use SurveyGizmo to get their burning questions answered. In steps Safe Harbor registration, which bridges the gap between US and EU privacy laws. By meeting the Safe Harbor guidelines we can all get along. The really good news is that SurveyGizmo had already met or exceeded these privacy guidelines, and now we have gone through the process of being able to say so.

HIPAA

HIPAA, or the Health Insurance Portability and Accountability Act of 1996, is a US federal law that establishes standards for the privacy and security of health information. SurveyGizmo had already abided by the spirit of these protections, but we are now all read up, quizzed up, and self-certified in both the HIPAA Privacy Rule and the Security Rule provisions. This means we meet the guidelines from a privacy perspective (we don’t share your data – ’nuff said) and a security perspective (we protect it and keep it private).

Please note: If you require an SSL connection (HTTPS), you will want our Enterprise account, as it is the only account level that guarantees an SSL connection.

We fall under what is known as a “Business Associate,” meaning that we are not the actual entity collecting the PHI (Protected Health Information — in HIPAA-speak), but we service the organizations that do. We used the free and truly wonderful resource from the University of Miami School of Medicine, The Privacy / Data Protection Project. It’s full of tons of useful documentation, but they must believe, like we do, that there is no reason you can’t have some fun while doing some serious learning. Here is one of their quiz answer explanations:

4. Which of these is the most important goal of the Security Rule?

A. Confidentiality of health data.

B. Integrity of health data.

C. Availability of health data.

D. All are important; it is difficult to say which is most important.

ANSWER:
D is correct. And we don’t care what anyone else says.

HIPAA Business Associate Contract

For those of you who need it, we have a HIPAA business associate agreement for download. If your policies require you to have agreements with your IT providers, please download the form and contact us to put it in place.

Data Destruction & Privacy Configuration

Sometimes users have specific needs under either Safe Harbor, HIPAA or another institutional or state requirement. For instance, occasionally data needs to be completely destroyed after its intended use. If this is the case, let us know and we will help you out. In many cases, when some form of data is deleted in SurveyGizmo, it is retired and locked away rather than actually destroyed. In most cases this makes the loss retrievable in the event of a mistake (we can’t tell you how many times we’ve had calls that start with “Oh my god, I accidentally…”). We can, however, comply with a request for total data destruction; you just need to let us know.

Also, in an effort to provide our customers with valuable information, we record a lot of tracking information such as IP address, which can be considered personally identifiable information. If your needs require a custom configuration because of privacy concerns unique to your situation, let us know and we’ll see what we can do.

Respecting privacy is just good business and we aim to be the best at it.

If you have questions, feel free to contribute a discussion in the comments here, email us, or give us a call at 800-609-6480. We’re here to help.

Badges for Use in Your Survey

At the request of customers, here are graphic “badges” you can place in your survey, email or web page to showcase your compliance. Click the image to view it, then drag to your desktop, or use the HTML code to add it to your survey template or web page.

Safe Harbor Certified

<img src="/wp-content/uploads/2008/02/safeharbor.gif" alt="Safe Harbor Certified"/>

HIPAA Certified

<img src="/wp-content/uploads/2008/02/hippa.gif" alt="HIPAA Certified"/>

About the Author

Scott McDaniel
Scott McDaniel is the co-founder, CEO and lead designer at SurveyGizmo. He has been passionate about entrepreneurism and designing friendly, usable web applications for over 10 years at companies such as MarketingSherpa, LexisNexis, MessageMedia, and DoubleClick.


Responses

  1. 1

    Pingback

    [...] for the privacy and security of health information. Once again SurveyGizmo already abided by the spirit of these protections, but is now all read up, quizzed up, and self-certified in both the HIPAA Privacy Rule and the [...]

  2. 2

    Pingback

    [...] for the privacy and security of health information. Once again SurveyGizmo already abided by the spirit of these protections, but is now all read up, quizzed up, and self-certified in both the HIPAA Privacy Rule and the [...]

  3. 3

    For useful resources like policies, training, articles for business associates and covered entities. You can also go to http://www.compliancehome.com/resources/HIPAA/

    Mike Milkhe on Wed, Jun 13 ’07 at 1:37 am #
  4. 4

    Where can I get badges for all of these certs, to display on my survey?

    thx

    johny on Mon, Feb 18 ’08 at 11:37 pm #
  5. 5

    Hi Johny,

    That was a great idea about the badges so we have added them to this page.

    Thanks!
    Scott

    SurveyGizmo on Tue, Feb 19 ’08 at 2:21 pm #
  6. 6

    Pingback

    [...] Can you talk about if Survey Gizmo is HIPAA compliant. I work at a University and will be collecting personal health information. Yes, SurveyGizmo is HIPAA compliant. We have many Universities that use us as well. You can find more information about our HIPAA compliance here: http://www.surveygizmo.com/survey-blog/online-survey-hipaa-safe-harbor-certification/ [...]
