Any attribute stored in our system can be marked as PII (Personally Identifiable Information) and PHI (Protect Health Information). This ensures it’s logged anytime it’s read or updated.
Anytime PHI is accessed in our system, we log it. This ensures HIPAA compliance in the event of a breach.
All of our vendors are HIPAA-compliant
All third-parties processing PHI have signed a BAA (Business Associate Agreement) with Great Question. We encourage customers to sign one with us, too.
Both PII & PHI is obfuscated by default
This is set by default for most user roles and can be configured to meet the needs of your team.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. The US Department of Health and Human Services (HHS) issued the HIPAA Privacy Rule to implement the requirements of HIPAA. The HIPAA Security Rule protects a subset of information covered by the Privacy Rule.
What’s the difference between PHI and PII?
Protected Health Information (PHI) is any health information that includes any of the 18 elements identified by HIPAA. Personally Identifiable Information (PII) is defined as data used in research that is not considered PHI and is therefore not subject to the HIPAA Privacy and Security Rules.
What is a BAA?
A Business Associate Agreement (BAA) establishes a legally-binding relationship between HIPAA-covered entities and business associates to ensure complete protection of PHI. This type of agreement is necessary if business associates can potentially access PHI during their work.
How do I get started with Great Question’s HIPAA Solution?
Great Question’s HIPAA solution is an add-on to our Enterprise plan you can choose to purchase. Great Question Enterprise customers who purchase the HIPAA add-on can enter into a BAA with us.
Privacy & Security
Are you SOC 2 compliant?
Yes, we have completed our SOC 2 Type 2 examination. This represents our organizations commitment to security for our customers data.
How do you track incentives sent outside of Great Question?
Our integration with the incentive platform Tremendous allows our customers to send incentives to over 80 countries worldwide. For those customers that would prefer to send their incentives in a different system, it’s easy to update the status of those incentives on each study participant.
Is it easy to share research across my organization?
It’s easy in Great Question to share your research findings via our Slack integration, or you can easily tag and compile findings in our research repository. This is all part of the platform.
