In light of Mental Health Awareness month, which is observed every May, we’ve put together an overview of some best practices when it comes to handling sensitive data gathered in patient surveys, staff surveys, and other health related questionnaires.
What is sensitive data?
Survey responses can include personal, identifiable, or confidential details that respondents don’t want to be shared publicly. Under the GDPR regulations, health-related data is considered to be ‘sensitive’ and subject to specific processing conditions.
Best practice for handling sensitive data
Keep respondents informed
It’s always important to let your survey respondents know what you will do with their data – where it will be kept, for how long, and how it will be processed or used. Include a privacy notice in the email survey invitation or on the first page of the survey.
You also need to ensure you are entitled to process personal data – find out more about handling personal data under the GDPR regulations here.
If you’re gathering data for research that doesn’t need to be associated with a specific respondent, then conducting an anonymous survey is a good way to handle sensitive data. You can either make a survey completely anonymous, so that you don’t collect personally identifiable data in the first place, or remove identifiers after the data collection has taken place.
Online surveys should be shared using a secure HTTPS survey link. This will ensure that survey data is encrypted from the point that it’s entered into a questionnaire and throughout transfer to an encrypted database. For added security, you could store survey data on your own servers, so that you have complete control over where it is and how it’s accessed.
Questionnaire log ins
Control access to a survey by creating a password for a questionnaire link, so that only specific respondents can log in and complete the survey.
Limit access to survey data
By setting up multiple user accounts within the survey software you’re using, you can limit access to survey responses. This will ensure that only individuals or teams that need to see results will have access to any sensitive data that’s included in the responses.
Handling sensitive data with Snap Survey Software
Snap Survey Software has been certified to ISO 27001 since 2013, and offers a number of features to ensure sensitive data is collected securely and kept safe throughout the whole survey process.
- Choose to store data on US or UK based servers, or you can install Snap’s survey management system on to your own servers.
- Secure survey links and data encryption from collection, through to transfer and storage.
- Option to set up questionnaire log ins
- Enforced password policy for survey management.
- Daily backups, permanent malware scanning, and daily vulnerability scans.