HIPAA Compliance and Safe Harbor Certifications

SurveyGizmo is happy to announce that we now have HIPAA compliant features and are self-certified under the US-EU Safe Harbor framework. If you have never heard of these, you could probably stop reading here, but some of our customers (or wannabe customers) have been urging us to do this. These are two forms of personal information protection. HIPAA is a US law regarding health information, and Safe Harbor is a US Department of Commerce program to help businesses comply with EU privacy laws. Some of you might find it interesting that most of our competitors offering online surveys do not have HIPAA compliant features, and some don’t have Safe Harbor either, so we’re happy to help.

Safe Harbor

In 1998, the European Union Commission’s Directive on Data Protection went into effect and basically created a set of stringent privacy guidelines for the protection of personal data. It also prohibited the transfer of personal data to non-European Union nations that do not follow those guidelines. In other words, our EU friends might not have been able to use SurveyGizmo to get their burning questions answered. In steps Safe Harbor registration, which bridges the gap between US and EU privacy laws. By meeting the Safe Harbor guidelines, we can all get along. The really good news is that SurveyGizmo had already met or exceeded these privacy guidelines, and now we have gone through the process of being able to say so.

HIPAA
HIPAA, or the Health Insurance Portability and Accountability Act of 1996, is a US federal law that establishes standards for the privacy and security of health information. SurveyGizmo had already abided by the spirit of these protections, but we are now all read up, quizzed up, and self-assessed on both the HIPAA Privacy Rule and the Security Rule provisions. This means we meet the guidelines from a privacy perspective (we don’t share your data – ’nuff said) and from a security perspective (we protect it and keep it private).

Please note: if you require an SSL connection (HTTPS), all of our paid account levels offer this, as well as secure links.

We fall under what is known as a “Business Associate,” meaning that we are not the actual entity collecting the PHI (Protected Health Information, in HIPAA-speak), but we serve the organizations that do. We used the free and truly wonderful resource from the University of Miami School of Medicine, The Privacy / Data Protection Project. It’s full of tons of useful documentation, but they must believe, like we do, that there is no reason you can’t have some fun while doing some serious learning. Here is one of their quiz answer explanations:

4. Which of these is the most important goal of the Security Rule?

A. Confidentiality of health data.

B. Integrity of health data.

C. Availability of health data.

D. All are important; it is difficult to say which is most important.

D is correct. And we don’t care what anyone else says.

HIPAA Business Associate Contract

For those of you who need it, we have a HIPAA compliant BAA available. If your policies require you to have agreements with your software providers, please contact us and we can help you out.

Data Destruction & Privacy Configuration

Sometimes users have specific needs under Safe Harbor, HIPAA, or another institutional or state requirement. For instance, occasionally data needs to be completely destroyed after its intended use. If this is the case, let us know and we will help you out. In many cases, when some form of data is deleted in SurveyGizmo, it is retired and locked away rather than actually destroyed. In most cases this keeps the data retrievable in the event of a mistake (we can’t tell you how many times we’ve had calls that start with “Oh my god, I accidentally…”). We can, however, comply with a request for total data destruction; you just need to let us know.

Also, in an effort to provide our customers with valuable information, we record a lot of tracking information, such as IP addresses, which can be considered personally identifiable information. If your needs require a custom configuration because of privacy concerns unique to your situation, let us know and we’ll see what we can do.

Respecting privacy is just good business and we aim to be the best at it.

If you have questions, feel free to contribute a discussion in the comments here, email us, or give us a call at 800-609-6480. We’re here to help.

Badges for Use in Your Survey

At the request of customers, here are graphic “badges” you can place in your survey, email or web page to showcase your compliance. Click the image to view it, then drag to your desktop, or use the HTML code to add it to your survey template or web page.

We self-certify compliance with

For more information, you can also visit our Privacy Policy at www.surveygizmo.com/privacy.
