The HIPAA-compliant UX research platform

Protect your customers’ health data and maintain HIPAA compliance at every step of the research process.

Contact sales
Great Question's Panel UI with the HIPAA seal of compliance
Securely import customer health data from Salesforce or Snowflake into Great Question

Securely import your customers’ health data

Our integrations with Salesforce and Snowflake make it safe and easy.
Contact sales

Mark any custom
attribute as PHI

Any attribute stored in our system can be marked as PII (Personally Identifiable Information) and PHI (Protect Health Information). This ensures it’s logged anytime it’s read or updated.
Contact sales
Mark any custom data attribute Protected Health Information (PHI)

Your health data is safe with us

PHI logging icon

All access to PHI is logged
in our system

Anytime PHI is accessed in our system, we log it. This ensures HIPAA compliance in the event of a breach.
HIPAA-compliant vendors icon

All of our vendors are
HIPAA-compliant

All third-parties processing PHI have signed a BAA (Business Associate Agreement) with Great Question. We encourage customers to sign one with us, too.
PHI and PII obfuscation icon

Both PII & PHI is obfuscated by default

This is set by default for most user roles
and can be configured to meet the needs of your team.

Frequently asked questions

What is HIPAA?
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. The US Department of Health and Human Services (HHS) issued the HIPAA Privacy Rule to implement the requirements of HIPAA. The HIPAA Security Rule protects a subset of information covered by the Privacy Rule.
What’s the difference between PHI and PII?
Protected Health Information (PHI) is any health information that includes any of the 18 elements identified by HIPAA. Personally Identifiable Information (PII) is defined as data used in research that is not considered PHI and is therefore not subject to the HIPAA Privacy and Security Rules.
What is a BAA?
A Business Associate Agreement (BAA) establishes a legally-binding relationship between HIPAA-covered entities and business associates to ensure complete protection of PHI. This type of agreement is necessary if business associates can potentially access PHI during their work.
How do I get started with Great Question’s HIPAA Solution?
Great Question’s HIPAA solution is an add-on to our Enterprise plan you can choose to purchase. Great Question Enterprise customers who purchase the HIPAA add-on can enter into a BAA with us.

Privacy & Security

Are you SOC 2 compliant?
Yes, we have completed our SOC 2 Type 2 examination. This represents our organizations commitment to security for our customers data.
How do you track incentives sent outside of Great Question?
Our integration with the incentive platform Tremendous allows our customers to send incentives to over 80 countries worldwide. For those customers that would prefer to send their incentives in a different system, it’s easy to update the status of those incentives on each study participant.
Is it easy to share research across my organization?
It’s easy in Great Question to share your research findings via our Slack integration, or you can easily tag and compile findings in our research repository. This is all part of the platform.