It is our understanding that an online survey tool cannot be “HIPAA compliant” as there are no compliance or certifying agencies which approve and “certify” software solutions. We try to follow best security practices with all personal and confidential information.
I will try to get a better answer for you but in the mean time if you have any specific requests regarding how we can follow HIPAA best practices, please let us know, as we’re not experts in this area.
I do hope you can obtain some better answers soon - it woud help our assessment enormously (I see this query has generated over 100 views.. I imagine it's on a few people's requirements lists).
Clarification - my query is not about the 'tool/software' itself, but more in relation to the platform/hosting... predominantly this issue relates to the security and privacy of DATA.. patient data...
I would appreciate responses to each of my 4 questions, but, if Q3 is addressed firstly, that would also help greatly.
Look forward to hearing from Adobe soon.
The HIPAA Security Rule is a standard designed to protect patient information in the electric age. FormsCentral is a service that is designed to create and provide web based forms for business and casual users to present to the public. As such, Adobe has taken "reasonable" precautions against data piracy, but these are at a business level and not meant to be utilized in a regulated industry, and as noted before, it is not intended for use with personally identifiable or confidential information. For example while forms can be created and presented over HTTPS, they can also be created and shared via unsecured HTTP, where none of the data in transit would be encrypted. Also, the form results can be aggregated into a document/spreadsheet and not only are all of the results in clear text, but the results document could be shared with anyone as there are no controls placed on it. Similarly, FormsCentral does not have a role based access schema and form field controls, so a form could be created that asks for Personal Information and there would be no security controls around securing, encrypting or limiting that data. So again, while Adobe Forms Central performs above and beyond when looking at it from a standard business context, there are aspects that are not in line with HIPAA security standards.