Survey Security & Privacy
Qualtrics may be used to store and transmit Low, Moderate, and High Risk Data, as defined by the Information Security Office, and summzarized in the right column.
As an application permitted to handle PHI, Qualtrics follows strict minimum security standards, however that does not relieve Stanford or its employees, partners, consultants, or vendors of further obligations that may be imposed by law, regulation or contract.
Below are some practices you can implement to add more security to your surveys.
The data is intended for public disclosure
The data is not generally available to the public
Protection of the data is required by law/regulation
Enabling security enhancements for using Qualtrics with PHI
If you are using a 'public' survey URL to collect PHI in a Qualtrics survey, you should disable the Save and Continue function in 'Survey Options' page prior to publishing the URL. This feature, if enabled, allows a second user to potentially resume a partially completed / abandoned survey initiated by a previous user on a shared computer or device.
If your survey displays summary information upon completion, allows the 'Back' button, or using piping this could lead to the potential exposure of the first user’s data to the second user.