Is your survey system compliant with HIPAA standards?
If you are not using SurveyMonkey to collect or store protected health information or “PHI” (any information about the health status, provision of health care, or payment for health care that can be linked to a specific individual, such as an individual’s name and/or contact details combined with information about health care that the individual received), or are not a “covered entity”, then HIPAA likely does not apply to your use of SurveyMonkey.
HIPAA comes into play if you are a “covered entity” and you want to use SurveyMonkey to collect or store PHI. For example, if you want to create a patient satisfaction survey and collect patients’ contact details and details about their treatment. If this is the case, HIPAA requires you to enter into a Business Associate Agreement with SurveyMonkey before you can do this.
To learn more about HIPAA, please visit the US Department of Health and Human Services’ website: http://www.hhs.gov/ocr/hipaa/