Alchemer customers can create HIPAA (Health Insurance Portability and Accountability Act) and FERPA (Family Educational Rights and Privacy Act) compliant surveys by following the guidelines below.
- Enable Multi-Factor Authentication (MFA) to add an extra layer of security to your Alchemer account.
- Enable Project Data Encryption.
  - Enabling project data encryption may slow survey building performance.
  - Encryption is applied on a per-survey basis and must be enabled (toggled on) for each individual survey.
- Use Secure SSL links for your survey share links.
- For HIPAA, have a signed copy of our Business Associate Agreement (BAA). Customers should contact us to sign a BAA.
Because Alchemer offers advanced features and a great deal of flexibility, some features could potentially lead to issues with HIPAA and FERPA, depending on how you use them. The list below is not exhaustive; other features could also cause concern based on your usage. Reach out to us if you have any concerns.
- Email Actions - Data sent with Email Actions is not encrypted.
- File Library - Data is not encrypted in the File Library.
- Third-Party Integrations (e.g., Google Spreadsheet, Salesforce, etc.) - Data transfers via Third-Party Integrations are secure and encrypted. Before setting up an integration, we recommend checking with the third-party service provider to ensure that data is encrypted at rest.
Deleting Response Data
Visit our Permanently Delete Data help article for instructions on deleting survey response data that contains PHI or PII, whether that data was encrypted or unencrypted. It's a best practice for your HIPAA and FERPA compliance to make sure that your PHI/PII data is stored in as few places as possible!
If you or your compliance team have questions about how an advanced or not-so-advanced use of an Alchemer feature relates to HIPAA and FERPA, get in touch with us.