Is Qualtrics HIPAA Compliant?
UIC’s agreement with Qualtrics includes a Business Associate Agreement. This means individuals may use this service to maintain Protected Health Information (PHI) regulated by HIPAA. While Qualtrics meets the “physical safeguard” component of HIPAA, compliance with federal laws and university policy is decided on a case-by-case basis by the UIC Institutional Review Board.
- Using and disclosing only the minimum necessary PHI for the intended purpose.
- Obtaining all required authorizations for using and disclosing PHI.
- Ensuring that PHI is seen only by those who are authorized to see it.
- Obtaining all necessary data-sharing agreements and Business Associate Agreements for using and disclosing PHI.
- Following any additional steps required by your unit to comply with HIPAA.
- Sensitive data, including PHI, may be collected and stored in Qualtrics for non-clinical purposes only (for example, research and hospital quality improvement initiatives). Qualtrics should not be used for any clinical applications that deliver, document, or otherwise contribute to the care of individual patients.