The Impact of the Health Insurance Portability Act (HIPAA) and the Privacy Act on Online Survey Research

Legislation like HIPAA and the Privacy Act have important implications for online survey research, particularly when it comes to the health industry. This is an issue that many health researchers should be wary of. Health data, while important for many studies, is widely considered to be among the most personal information a researcher or organization can ask for. As a response to people’s need for privacy and a researcher’s need for health information, both the USA (with HIPAA) and Canada (with the Privacy Act) created legislations to define rules on how this data can be collected and used. We decided it would be useful to let you know some tips to abide by to ensure the privacy of your respondents and the legality of your research.

4 Privacy Rules of Thumb

1) No obligation to provide information: The first and most important rule is that no person is obligated to provide information to an organization in regards to their health information. This means that surveys cannot have any mandatory health questions or pressure people into revealing health issues that they or their family members may live with. However, any person can provide their health information if they so choose. For this reason, it is important that your respondents realize their answers are optional and would be greatly appreciated. Providing the reason for the study in your introduction will also make your respondents less suspicious and more willing to give honest answers.

2) Personal health information cannot be provided to other organizations: After responding to your survey, your respondents have entrusted you with information that is personal and private to them. It is now your organization’s responsibility to not allow other companies or organizations to have access to the data.

3) Information can only be used for its collected purpose: Your respondents may have agreed to complete your survey, but this does not mean that the information is at your disposal. Instead, a researcher must make certain that the collected data is used for its original purpose. This ensures that respondents are not taken advantage of or misled by an organization that sees further use in the information researched.

4) Information cannot be altered: Altering answers in anyway breaks the agreement between the researcher and the respondent. A person’s health information cannot be tampered with in any survey, so researchers should tread lightly when manipulating data results for their reports. Stay vigilant when grouping answers into categories that you are not misrepresenting some of your sample.

Privacy vs Research

As research professionals, our careers rely on the gathering and analysis of information. Many times this information will be personal and require the researcher to respect not only the privacy of the respondents but the laws they fall under. In order to learn more about the privacy laws in USA and Canada go ahead and check out the HIPAA and Privacy Acts. If you are interested in learning about FluidSurveys’ methods of keeping its data secure check out this link to our security policies. Until next time, happy surveying!

FluidSurveys Presents

Free Survey Q&A

Join our survey & research expert Rick Penwarden as he answers all of your questions every Wednesday at 1PM EST!


  • Syed says:

    Is Fluid Survey compliant with Canadian HIPAA and Privacy Act?

    • RickPenwarden says:

      Hi Syed,
      Yes, FluidSurveys is fully compliant with the Canadian HIPAA and Privacy Act. We provide all the tools you need to remain compliant. Let us know if you have any specific questions!

Leave a Reply

Your email address will not be published. Required fields are marked *