Is your survey system compliant with HIPAA standards?

If you are not using SurveyMonkey to collect or store protected health information or “PHI” (any information about the health status, provision of health care, or payment for health care that can be linked to a specific individual, such as an individual’s name and/or contact details combined with information about health care that the individual received), or are not a “covered entity”, then HIPAA likely does not apply to your use of SurveyMonkey.

HIPAA comes into play if you are a “covered entity” and you want to use SurveyMonkey to collect or store PHI, for example, if you want to create a patient satisfaction survey and collect patients’ contact details and details about their treatment. If this is the case, HIPAA requires you to enter into a Business Associate Agreement with SurveyMonkey before you can do this.

Unfortunately, SurveyMonkey does not currently support the collection of PHI, from either a legal or a technical perspective, and cannot enter into the required Business Associate Agreement. SurveyMonkey’s Terms of Use currently prohibit users from using SurveyMonkey to collect PHI. If you are interested in using SurveyMonkey to collect PHI, please express your interest by filling out this form. If we receive sufficient interest, we may implement the infrastructure necessary to handle PHI on behalf of covered entities.

To learn more about HIPAA, please visit the US Department of Health and Human Services’ website: http://www.hhs.gov/ocr/hipaa/