Topics Map > Research > Surveys for Research > Qualtrics
Is Qualtrics HIPAA Compliant?
UIC’s agreement with Qualtrics includes a Business Associate Agreement. This means individuals may use this service to maintain Protected Health Information (PHI) regulated by HIPAA. While Qualtrics meets the “physical safeguard” component of HIPAA, compliance with federal laws and university policy is decided on a case-by-case basis by the UIC Institutional Review Board.
The Qualtrics survey tool is available for use by UIC faculty, staff, and students in support of the university's educational mission and organizational goals.
- Using and disclosing only the minimum necessary PHI for the intended purpose.
- Obtaining all required authorizations for using and disclosing PHI.
- Ensuring that PHI is seen only by those who are authorized to see it.
- Obtaining all necessary data-sharing agreements and Business Associate Agreements for using and disclosing PHI.
- Following any additional steps required by your unit to comply with HIPAA.
- Sensitive data, including PHI, may be collected and stored in Qualtrics for non-clinical purposes only (for example, research and hospital quality improvement initiatives). Qualtrics should not be used for any clinical applications that deliver, document, or otherwise contribute to the care of individual patients