Is SurveyMonkey HIPAA-Compliant?

Various industries, including healthcare, use SurveyMonkey, a popular tool for data collection. However, using online surveys and forms tools like SurveyMonkey exposes highly sensitive health information to data privacy risks. Thus, it’s crucial to determine its compliance status before utilizing it for healthcare data collection.

Is SurveyMonkey HIPAA-compliant? It’s time to determine whether this online survey software can protect patient confidentiality.

Why Data Collection Tools Need to Be HIPAA-Compliant

Data collection in healthcare serves different purposes, including patient registration, satisfaction surveys, research studies, and clinical assessments. The data collected from patients contributes to advances in healthcare practices. It also allows healthcare professionals to make data-driven medical decisions.

However, the increasing reliance on digital tools like SurveyMonkey for data collection has led to an equally pressing need for strict compliance with regulations like HIPAA.

The Health Insurance Portability and Accountability Act of 1996, or HIPAA, is a US law regulating protected health information (PHI). Covered entities and their business associates should adhere to HIPAA guidelines or risk legal consequences. These legal repercussions include massive fines, criminal penalties, lawsuits, and corrective action plans.

Is SurveyMonkey HIPAA-Compliant?

Yes, SurveyMonkey provides features that enable HIPAA compliance. SurveyMonkey asserts its role as a business associate to covered entities, with its Enterprise plan aligning with HIPAA regulations. Moreover, it offers a Business Associate Agreement (BAA), further signifying its commitment to keeping PHI secure and private.

However, achieving HIPAA compliance also depends on how you use SurveyMonkey. Above all, you must add the Enterprise add-on to your Enterprise account. You need this type of account in SurveyMonkey to achieve compliance. Those with existing Enterprise accounts may contact the survey tool’s Customer Success Manager (CSM) for the add-on. Non-Enterprise users must contact SurveyMonkey’s sales team first.

Remember, SurveyMonkey emphasizes that HIPAA compliance applies to your use of its platform only if you are a covered entity under HIPAA, primarily when you use it to collect or store PHI. Under HIPAA, the definition of a covered entity includes doctors, nurses, health plans, and healthcare clearinghouses. Therefore, if your organization falls into these categories and you are using SurveyMonkey for healthcare data collection, you should learn how to use the platform in a way that won’t violate any HIPAA regulations. The same rule applies to businesses handling or processing PHI on behalf of a covered entity, including accounting firms and medical billing companies.

Important Reminders for SurveyMonkey Enterprise Users

If you want to subscribe to the HIPAA-compliant Enterprise plan, make sure that you understand the following conditions about SurveyMonkey and HIPAA compliance:

  • Account limitations: Once a SurveyMonkey account is HIPAA-enabled, it cannot be reverted to a non-HIPAA-enabled status. Consider this aspect of permanence if you need flexibility in your account status.
  • Downgrading plans: Downgrading a HIPAA-enabled account to a lower plan type is not possible. If users wish to remove HIPAA-compliant features or switch to a lower plan, they must open a new account.
  • Account suspensions and terminations: Failure to renew a HIPAA-enabled account will result in suspension, with data retained for a limited time. After this period, the account will be closed. Terminating the BAA also leads to account closure.

Ensuring HIPAA Compliance Using SurveyMonkey

Here are some vital steps to guarantee HIPAA compliance when using tools like SurveyMonkey:

Enable HIPAA features

Activate HIPAA-compliant features on your SurveyMonkey account using the Enterprise add-on. Collect PHI only through a HIPAA-enabled account, and refrain from using the online survey platform to handle PHI if you don’t have the Enterprise add-on.

Sign a BAA

If you’re using a HIPAA-compliant account, you must sign a BAA with SurveyMonkey. This legal document holds you and the online survey forms provider accountable in case of a HIPAA breach.

Conduct regular user training

Train users in handling PHI within the SurveyMonkey platform. Emphasize its specific features that maintain HIPAA compliance. Regular training about proper PHI handling enables employees and other organization personnel to become more aware of their role in safeguarding PHI and the consequences they could face for failing to do so.

Handle data carefully

Follow the HIPAA security tips provided by SurveyMonkey. The provider gives valuable information on the secure handling of exported survey results, careful sharing of surveys, responsible transfer of surveys between accounts, and cautious collection and sharing of PHI.

Continuously monitor user activities

Ensure that all user actions align with HIPAA guidelines. Your IT administrator can monitor user activities by regularly checking SurveyMonkey’s Team Activity log.

Drive Your Business Forward With HIPAA-Compliant Data Collection Solutions

SurveyMonkey can be a convenient and secure way to collect data, provided that users follow the provider’s guidelines for HIPAA compliance. Still, you should also carefully consider its reminders for Enterprise plan users. Remember that enabling SurveyMonkey HIPAA compliance, terminating a BAA, and downgrading your plan have permanent consequences.

While SurveyMonkey Enterprise has limitations, choosing it for secure healthcare data collection also has significant benefits. Besides streamlining the process of collecting data, it can aid in gaining patient trust, using its compliance with HIPAA as a way to provide reassurance.

Kent Cañas

Kent is a content strategist currently specializing in HIPAA-compliant online fax. Her expertise in this field allows her to provide valuable insights to clients seeking a secure and efficient online fax solution.
