
HIPAA and HDS Compliance

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a United States law that regulates the collection and handling of “protected health information” (PHI).

The Hébergeurs de Données de Santé (HDS) is a French law that regulates the hosting of personal health data.

SurveyLab provides general research software and other services.

We have implemented administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the SurveyLab system.

The following procedures and features required by HIPAA are activated by default on your account (Professional and Enterprise plans):

  • The system is regularly monitored, updated, and patched.
  • Servers are ISO 27001 certified.
  • We perform regular risk assessments of the system.
  • Data backup plans are implemented.
  • The system is secured with a WAF (Web Application Firewall).
  • SSL / HTTPS. The system and all survey links are SSL-secured with a 256-bit certificate (RSA 2048-bit).
  • System logs. We log user activity and can provide you with the system logs on request.
  • 2-Factor Authentication.
  • Password security policy management.
  • Automatic logoff. Users are automatically logged off after more than 60 minutes of inactivity in the system.

NOTE. The Health Insurance Portability and Accountability Act of 1996 (HIPAA or the Kennedy–Kassebaum Act) was signed by President Bill Clinton in 1996. It was created primarily to modernize the flow of healthcare information, stipulate how Personally Identifiable Information maintained by the healthcare and healthcare insurance industries should be protected from fraud and theft, and address limitations on healthcare insurance coverage.

The Hébergeurs de Données de Santé (HDS, Health Data Hosting) is a French regulation for personal health data hosting. HDS was issued by ASIP SANTÉ (a French Ministry of Health agency), which is responsible for promoting electronically based healthcare solutions in France.

* HIPAA and HDS compliant features are available in the Professional and Enterprise plans.
