There are three requirements to be HIPAA compliant while using Alchemer:
- A signed copy of our Business Associate Agreement (BAA). Customers should contact us to sign a BAA.
  - Enterprise account holders should discuss their BAA needs with their Account Managers.
  - Account holders who don't have Account Managers should contact our Sales team. Available on these Alchemer Plans: Professional, Full Access
  - Fill out our BAA Questionnaire.
- Project Data Encryption
  - Enabling project data encryption may slow survey building performance.
  - Surveys are encrypted on a per-survey basis; encryption must be enabled (toggled on) for each individual survey.
- Secure SSL links to your surveys
Non-Compliant Features
Because of the many advanced features of Alchemer, the evolving nature of our customers' ingenious uses of our platform as well as our own agile software development, there are features that could potentially lead to HIPAA issues. There may be other features not listed here that could cause concern, based on your usage. Reach out to us if you have any concerns.
- Email Actions - Data sent with Email Actions is not encrypted.
- File Library - Data is not encrypted in the File Library.
- Third-Party Integrations (e.g., Google Spreadsheet, Salesforce, etc.) - Data transfers via Third-Party Integrations are secure and encrypted. Before setting up integrations we recommend checking with the third-party service provider to ensure that data is encrypted at rest.
Deleting Response Data
Visit our Permanently Delete Data help article for instructions on deleting survey response data that contains PHI, whether that data was encrypted or unencrypted. It's a best practice for your HIPAA compliance to make sure that your PHI data is stored in as few places as possible!
If you or your compliance team have HIPAA questions about an advanced or not-so-advanced use of an Alchemer feature, get in touch with us. We're here to help and we love hearing from you!
For more information on HIPAA and Alchemer, visit our Privacy page.