Data Security

What is this?

You can use SurveyGizmo to create both HIPAA- and Safe Harbor-certified surveys. These are two forms of personal information protection. HIPAA is a US law regarding health information, and Safe Harbor is a US Department of Commerce program to help businesses comply with EU privacy laws.

Safe Harbor

In 1998, the European Union Commission’s Directive on Data Protection went into effect and basically created a set of stringent privacy guidelines for the protection of personal data. It also prohibited the transfer of personal data to non-European Union nations that do not follow those guidelines. In other words, our EU friends might not have been able to use SurveyGizmo to get their burning questions answered. In steps Safe Harbor registration, which bridges the gap between US and EU privacy laws. By meeting the Safe Harbor guidelines we can all get along. The really good news is that SurveyGizmo had already met or exceeded these privacy guidelines, and now we have gone through the process of being able to say so.


HIPAA, or the Health Insurance Portability and Accountability Act of 1996, is a US federal law that establishes standards for the privacy and security of health information. SurveyGizmo had already abided by the spirit of these protections, but we are now all read up, quizzed up, and self-certified in both the HIPAA Privacy Rule and the Security Rule provisions. This means we meet the guidelines from a privacy perspective (we don’t share your data – ’nuff said) and a security perspective (we protect it and keep it private).

For those of you who need it, we now have a HIPAA business associate agreement for download. If your policies require you to have agreements with your IT providers, please download the form and contact us to put it in place.

Data Destruction & Privacy Configuration

Sometimes users have specific needs under either Safe Harbor, HIPAA or another institutional or state requirement. For instance, occasionally data needs to be completely destroyed after its intended use. In many cases, when some form of data is deleted in SurveyGizmo, it is retired and locked away rather than actually destroyed. In most cases this makes the data retrievable in the event of a mistake. We can, however, comply with a request for total data destruction; you just need to let us know.

Respecting privacy and keeping data secure is just good business and we aim to be the best at it.

At the request of customers, you can place “badges” in your survey, email or web page to showcase your compliance. Your respondent will be reassured and comfortable taking your survey.