Create HIPAA and FERPA Compliant Surveys

Leading Practice

Alchemer has a suite of security features that may allow customers to create HIPAA (Health Insurance Portability and Accountability Act) and FERPA (Family Educational Rights and Privacy Act) compliant surveys. See the features noted below that may assist in meeting your data security requirements:

  1. Enable Multi-Factor Authentication (MFA) to add an extra layer of security to your Alchemer account.
  2. Survey Encryption:
    • All response data is encrypted at-rest using AES-256
    • All connections to Alchemer systems are encrypted in-transit using TLS 1.3
  3. For HIPAA, you may need to execute a Business Associate Agreement (BAA:
    • Customers should discuss their BAA needs with their Customer Success Managers.
    • Customers without a Customer Success Manager should contact our Sales team
    • Not sure if you need a BAA? Fill out our BAA Questionnaire.

Please note that Alchemer cannot provide legal advice to customers. You are highly encouraged to consult with in-house counsel or compliance teams to determine the particular requirements for data you may be collecting.

Non-Compliant Features

Based upon your usage of Alchemer, and because we offer advanced features and much flexibility, please note that there are features that could potentially lead to issues with HIPAA and FERPA. There may be other features not listed here that could cause concern, based on your usage. Reach out to us if you have any questions regarding Alchemer features and functionality.

  • Email Actions - Data sent with Email Actions is not encrypted.
  • File Library - Data is not encrypted in the File Library.
  • Third-Party Integrations (e.g., Google Spreadsheet, Salesforce, etc.) - Data transfers via Third-Party Integrations are secure and encrypted. Before setting up integrations we recommend checking with the third-party service provider to ensure that data is encrypted at rest. 

Deleting Response Data

Visit our Permanently Delete Data help article for instructions on deleting survey response data. It’s a best practice when subject to HIPAA and FERPA to ensure any PHI/PII is stored in as few locations as possible.

If you have any questions on an advanced or not-so-advanced use of an Alchemer feature that you or your compliance team have questions on when it comes to HIPAA and FERPA, get in touch with us

For more information on Alchemer's Privacy Policy, visit our Privacy page.

Basic Standard Market Research HR Professional Full Access Reporting
Free Individual Team & Enterprise
Feature Included In