
The role of HIPAA in collecting patient experience feedback

As a professional working in the healthcare industry, you’ll no doubt be familiar with the Health Insurance Portability and Accountability Act (HIPAA) and its relevance to your data collection, reporting and storage activities. However, if you’re starting to think about collecting patient experience feedback, it's worthwhile revisiting HIPAA regulations to make sure you’re up to date. Failure to consider HIPAA in research can have major ramifications. Research shows that while HIPAA breaches cost approximately $200 per victim, the courts usually award around $1000 per victim. Given the colossal size of the financial penalties now being issued for violation of HIPAA regulations, it is crucial that you know how HIPAA will impact your efforts to gather patient experience data.

In the age of Covid-19, it's also important to note that the types of organizations that gather HIPAA data have been extended to non-healthcare organizations. For example, employers and other business entities might gather data on whether workers have contracted the virus, or their vaccination status.  These organizations also have to be vigilant about HIPAA regulations. So, even if you’re not a healthcare professional, you might find our guide useful.

Read on for more information about the HIPAA regulations, the kinds of information that are protected and what you’ll need to think about when designing patient feedback research.

Under HIPAA regulations, any information created, gathered, stored or transmitted by a HIPAA-covered entity that could identify an individual patient is considered protected information. What do we mean by a HIPAA-covered entity? There are three main types:

  1. Any organization that provides patients with a healthcare plan, such as a healthcare provider
  2. Any healthcare clearinghouse. These are organizations that process healthcare information on behalf of other organizations, such as repricing companies, billing services and community health information systems
  3. Any healthcare provider that electronically transmits protected data about patients, such as benefit eligibility inquiries, claims, or referral authorization requests.

While employers are generally not classified as Covered Entities under HIPAA regulations, in practice, they are bound by the same rules when collecting, storing, or transmitting protected health information (PHI), which is increasingly important in the Covid-19 era.

What exactly is PHI? Under the terms of HIPAA, PHI is considered to be individually identifiable information about patients’ current or future health status. PHI is generated, used or disclosed about patients in the course of healthcare provision and delivery. For example, it might emerge during conversations between physicians and nurses regarding the treatment of patients or may be written down on forms, communications and other types of documentation. Examples of protected health information include:

  • Patient diagnoses
  • The results of MRIs, X-rays or blood tests
  • Billing information 
  • Doctor or clinical appointments
  • Prescriptions
  • Records of communications between doctors

When PHI is in digital form, it is commonly referred to as electronic Protected Health Information, or ePHI. For example, ePHI might be transferred by email, stored on a server, or found on a computer hard drive. Most of the rules of HIPAA apply equally to PHI and ePHI. However, the Security Rule of HIPAA is focused on the implementation of technical, administrative and physical safeguards to ensure the integrity and sanctity of electronic PHI specifically.

Although PHI is the more commonly used term, you may also have heard the term Individually Identifiable Health Information, or IIHI. PHI and IIHI are interchangeable and refer to the same information - any piece of healthcare information that could enable the patient to be identified.

HIPAA plays a major role in the protection of patient rights. Let's take a look at some of the considerable benefits of these regulations for patients.

  • Patients have more control over their information. The main benefit of HIPAA is that by setting boundaries over the way in which health records are used, released and shared, patients are able to find out how their information is used. HIPAA empowers patients to control certain uses and disclosures of their protected information.
  • It allows patients easier access to their records and data. Patients have the right, for example, to obtain a copy of their health records, to request corrections to those records in the event of inaccuracies, and to find out about which aspects of their information have been disclosed, and to whom.
  • Under HIPAA, patients have more protection against the unauthorized release of PHI. This is because HIPAA limits the release of personal data to the minimum that is reasonably needed for the purpose of the disclosure.
  • It holds violators accountable. Data breaches under HIPAA are taken very seriously. Patients can hold violators of the regulations accountable, and there are civil and even criminal penalties for violators.

Of course, HIPAA creates certain challenges for healthcare providers, particularly with regard to their ability to collect patient experience feedback. Some of the key challenges that you will need to be aware of when gathering patient feedback data include:

  • Technical challenges. These are challenges associated with controlling access to data, controlling data integrity and controlling data transfer. For instance, when storing PHI, you will need to restrict access only to authorized personnel. In addition, only authorized personnel should be granted the right to destroy files, and data transfer must be conducted in a secure way. Take a look at how SurveyMonkey’s features help to ensure that data storage, integrity and transfer take place in accordance with HIPAA regulations.
  • Research challenges. HIPAA regulations mean that it can be more challenging to conduct research. In particular, there are restrictions around the use of patient data which you should be aware of. Patients will need to sign a release before you can use their data for research purposes. For some tips on how to collect data in a way that is HIPAA compliant, including tips on sharing surveys and collecting responses, see our useful guide.

Clearly, HIPAA was designed with patient rights firmly in mind, and there are many benefits for patients when healthcare providers are HIPAA compliant. However, it's important to remember that following HIPAA regulations also protects healthcare providers:

  • It creates a culture of compliance. Oftentimes, data breaches and violations of data protection regulations occur inadvertently, because organizations have assigned responsibility for compliance to one department, or even to one individual. HIPAA makes it clear that all healthcare professionals and anyone who comes into contact with PHI are responsible for protecting this data. Therefore, HIPAA helps to create a culture of compliance in which all stakeholders see themselves as accountable for information security.
  • Privacy rules steer healthcare providers towards building better security.  In the digital age, data security is more important than ever before. HIPAA rules and regulations may seem stringent, but they serve as a vital reminder that organizational infrastructure needs to be designed in a way that protects it against data breaches - which can be both costly and devastating for patients. 
  • Data sharing is facilitated. Many patients - especially those with complex medical needs - will be served by multiple healthcare providers, and we are moving to a time when sharing of data across organizations in a safe and secure way will be increasingly necessary. HIPAA has helped drive changes in the way that records are stored, which can make sharing information easier when it’s permitted. 

Read more about how SurveyMonkey can help with HIPAA compliance here.

Over the past few years, the proportion of medical expenses that patients have had to bear has grown steadily. One of the consequences of this development is that patients are increasingly becoming active participants in the healthcare that they receive. As a result of rising deductibles, insurance premiums and out-of-pocket medical expenses, patients want to make sure that they’re getting value for money. Dissatisfied patients will not think twice about moving to a new healthcare provider. That means that gathering patient feedback is more important than ever before. Capturing insight into patient experiences - whether good or bad - can help you to ensure that patients are getting the bang for their buck that they expect, and will help you to fix any issues before they vote with their feet. Specifically, gathering patient feedback helps you to:

  • Improve overall patient experience. There’s little point investing hours of time and thousands of dollars in developing strategies to improve patient experience unless you actually ask your patients what they want. And, the best way to do that is through clear and dedicated data collection efforts, like a survey. That’s because patients often will not give you their opinion of their experiences unless you explicitly ask for feedback. For the fullest possible picture, we recommend an approach that examines the experiences of individual patients and also looks for patterns across patients and groups of patients (such as patients in similar demographic groups, or those that have similar medical conditions). By taking a two-pronged approach, you’ll be well placed to make patient care more personalized, while ensuring that patient care is delivered in an inclusive way.
  • Address Diversity, Equity and Inclusion (DEI) in the delivery of healthcare. The specific needs of many categories of patients - like patients with disabilities, the elderly, and children - often go unheard. Gathering patient feedback and analyzing data according to demographic groups can help you make sure that the needs of the most vulnerable groups are being fully addressed.
  • Track changes in patient satisfaction over time. If you don’t address problems with patient experience, you run the risk of losing patients to competitors. That means that you need to gather patient feedback regularly, rather than taking a one-and-done approach. When you regularly ask patients for feedback, you’ll be able to identify critical incidents that have the potential to significantly impact patient satisfaction. Equally, when making improvements to the quality of care, you’ll be able to track feedback over time in order to discern improvements in patient satisfaction.
  • Improve the quality of care. With well-designed patient feedback surveys and processes of data collection, you’ll soon be armed with critical insight that you can use to design care that is high quality and responsive to patient needs. We recommend gathering as much data as possible to put you in the best position to deliver superior care at every stage in the patient journey. This includes data such as:
    • Wait times
    • Ease of scheduling appointments
    • Service expectations and perceptions of the quality of the care delivered by physicians and other healthcare professionals
    • Level of professionalism
    • Communication
    • Perceptions of the infrastructure, such as the cleanliness of bathrooms
  • Benchmark your performance. The healthcare industry is a competitive one, like any sector. Gathering patient feedback is vital in evaluating your performance in comparison to other healthcare providers. You can use patient feedback and satisfaction data to compare yourself against other, comparable practices, to compare the performance of individual physicians against the average performance across the entire organization, and to evaluate improvements over time.

So, as you can see, HIPAA has major implications for the way in which you gather, store, share and use protected health information. Sound challenging? SurveyMonkey already has the features in place to ensure HIPAA compliance. And, to learn more about how other healthcare organizations are gathering patient feedback data in a way that is HIPAA compliant, see this article.
