The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information (Protected Health Information, or PHI) from being disclosed without the patient’s consent or knowledge.
When you enable the HIPAA capabilities on your Enterprise account, you can safely distribute medical or health-related surveys, secure in the knowledge that the patient data is protected. Specific organizations called “Covered Entities” and their business associates must comply with specific requirements to protect the privacy and security of health information.
To enable HIPAA, contact our support team for assistance. We will send you a Business Associate Agreement (BAA) to sign and return to us. The HIPAA Privacy Rule requires all Covered Entities to have this agreement with any Business Associate (BA) they hire that may come in contact with PHI. It is a written arrangement that specifies each party’s responsibilities when it comes to PHI.
The HIPAA legislation contains several sections, including one related to security. After your account has been HIPAA-enabled, each of these technical safeguards will be in effect:
- Network encryption – Any electronic PHI is encrypted to meet NIST cryptographic standards any time it is transmitted over an external network.
- Control access – Each user is assigned a centrally controlled unique username and password to access the systems.
- Control activity audits – We offer detailed logging to track all PHI access attempts and to monitor how PHI data is manipulated.
- Enable automatic logoff – Users must be logged out after a set period. We have set this to 30 minutes of inactivity.
When you work with a HIPAA-enabled account, we offer several security tips to remind you that you might be dealing with sensitive PHI at the following times:
- Exporting survey data – If you download survey results to your computer that might contain protected health information, be sure to use every appropriate measure to safeguard the data.
- Viewing individual survey results – When you look at the data of individual survey respondents containing PHI, make sure that only authorized personnel can see your screen.
- Public survey results – We give you the option to share survey results information with others but recommend turning off this function when working with PHI.
- Survey sharing – If you give others within your team or company access to your surveys, be sure that they understand they might be working with PHI.
Note: Once your account has been enabled for HIPAA, it cannot be disabled. In order to ensure the safety and security of any protected health information, HIPAA accounts cannot be downgraded, only removed when no longer needed.