Qualtrics is a cloud-based survey platform that enables researchers to create and distribute surveys, collect data, and analyze responses. It is widely used in academia, healthcare, and business. HIPAA (Health Insurance Portability and Accountability Act) regulates the use and disclosure of protected health information. This federal law applies to covered entities such as healthcare providers, health plans, and healthcare clearinghouses, as well as their business associates. So, is Qualtrics HIPAA compliant?
Qualtrics & Business Associate Agreements
Qualtrics obtained HITRUST CSF certification for at least one of their products according to the company’s security page. This is unquestionably an affirmation of commitment to data privacy and security. Additionally, in the Qualtrics discussion thread, there has been mention of their ability to sign a business associate agreement.
Qualtrics and HIPAA Compliance Features
To be considered HIPAA compliant, software platforms must have security features available to ensure the privacy and security of protected health information (PHI).
Qualtrics enables all required security features for compliance, including:
- Encryption
All data in transit and at rest must be encrypted using industry-standard encryption algorithms. This ensures that PHI is protected from unauthorized access, theft, or loss.
- Access Controls
Limit access to PHI to authorized individuals only. These controls include role-based access, two-factor authentication, and password policies.
- Audit Logs
Maintain audit logs of all activities related to PHI, including access, modification, and deletion. These logs enable entities to monitor and detect unauthorized access or breaches.
- Data Retention & Disposal
Securely delete PHI when it is no longer needed, and securely dispose of hardware and media that contain PHI.
Benefits of Qualtrics HIPAA Compliance
The benefits of using a HIPAA compliant platform are numerous.
Some of these benefits include:
Provides robust security measures that protect PHI from unauthorized access, theft, or loss. This ensures that covered entities can comply with HIPAA and avoid penalties.
Enables covered entities to collect and analyze data in a secure and flexible manner. This enables researchers to conduct studies in healthcare without compromising the privacy or security of PHI.
Streamlines the process of data collection and analysis, enabling covered entities to conduct studies in a more efficient and timely manner. This can result in cost savings and improved patient outcomes.
Is Qualtrics HIPAA Compliant?
Yes, Qualtrics is HIPAA compliant. This means that Qualtrics has implemented the necessary technical, physical, and administrative safeguards to protect PHI, as well as policies and procedures for compliance, breach notification, and risk analysis. Qualtrics has also signed a business associate agreement (BAA) with its customers who are covered entities or business associates. The BAA outlines the responsibilities of Qualtrics and its customers in protecting PHI and complying with HIPAA.