HIPAA Security Tips
Once HIPAA-compliance is enabled in your account, follow the best practices highlighted below to ensure that you’re handling your data responsibly and securely during each of the activities listed.
This feature is available only in our Enterprise plan. Contact us to take advantage of this option.
|Action||HIPAA Security Tips|
|Exporting survey results||If you download survey results to your own computer, please ensure that those downloaded files are handled appropriately, since they contain PHI. We suggest that you secure those files by encrypting them and only transferring them under an encrypted connection.|
|Sharing surveys/results with others||When you share a survey, the people you choose to share it with will have access to view and possibly edit the survey or access any collected survey responses. Remember to only share surveys in a manner consistent with your HIPAA obligations. Only share a survey with people who are authorized to work on that survey.|
|Transferring a survey to another account||If you must transfer a survey to a different Sogolytics account, ensure that you are absolutely certain that the receiving account is the one you intend to send it to. To transfer a survey, you must enter the exact User ID of that account. The transfer process cannot be undone without action by the receiving account holder.|
If your survey contains PHI, it is your responsibility to ensure that such PHI is only disclosed to an appropriate recipient. This means that if you transfer PHI to another account, it is crucial that the receiving account must also be HIPAA-enabled.
|Collecting responses||We do not recommend the use of an Email Invitation Collector. Email Invitation Collectors email survey invitations to recipients with a unique survey link tied to a recipient’s email address. If respondents are able to edit their responses, a recipient of an email invitation could complete all or part of a survey and forward their unique survey link to someone else. This would allow the second recipient to view the first recipient’s responses, which may contain PHI.|
|Sharing survey results||Your survey results may contain PHI, so remember to only share survey results in a manner consistent with your HIPAA obligations. Only disclose results to authorized recipients.|