Qualtrics & Business Associate Agreements
According to the company’s security page, Qualtrics has obtained HITRUST CSF certification for at least one of its products. This is unquestionably an affirmation of commitment to data privacy and security. Additionally, the Qualtrics discussion thread mentions the company's ability to sign a business associate agreement.
Qualtrics and HIPAA Compliance Features
To be considered HIPAA compliant, software platforms must have security features available to ensure the privacy and security of protected health information (PHI).
Qualtrics enables all required security features for compliance, including:
All data in transit and at rest must be encrypted using industry-standard encryption algorithms. This ensures that PHI is protected from unauthorized access, theft, or loss.
Limit access to PHI to authorized individuals only. These controls include role-based access, two-factor authentication, and password policies.
Maintain audit logs of all activities related to PHI, including access, modification, and deletion. These logs enable entities to monitor and detect unauthorized access or breaches.
- Data Retention & Disposal
Securely delete PHI when it is no longer needed, and securely dispose of hardware and media that contain PHI.