April 11, 2024

HIPAA Compliant User Research with Rally

We are excited to announce that Rally has achieved HIPAA compliance! 

HIPAA (Health Insurance Portability and Accountability Act) compliance signifies that Rally adheres to strict security and privacy standards set by the U.S. Department of Health and Human Services. This compliance ensures that protected health information (PHI) is handled and stored securely, safeguarding participant confidentiality and privacy.

As a compliant User Research CRM, Rally has signed BAAs with all third-party integrations and vendors that process PHI.

Rally is committed to protecting not only our customers' data, but their users' data as well. This is our latest effort to ensure our platform meets the rigorous requirements of appropriate data protection regulations.

Rally’s Approach To Compliant Research 

Save Any Property as PII or PHI

Protect participant health information by marking any property in Rally as PII (Personally Identifiable Information) or PHI (Protected Health Information). 

Secure Participant Management

Safely sync contacts via our integrations with Snowflake and Salesforce. All participant names, emails and properties marked as PII and PHI are automatically masked for Observers. 

The Difference Between PII and PHI 

PII refers to any information that can be used to identify an individual. This includes things like names, email addresses, phone numbers, social security numbers, and even IP addresses. Essentially, if the data can be linked back to a specific person, it's considered PII.

Protected Health Information (PHI) is a subset of PII, but it specifically pertains to health information that is linked to an individual's medical history, diagnosis, treatment, or payment for healthcare services. This could include things like medical records, lab results, insurance information, and even conversations about health conditions. 

Safeguard sensitive participant data throughout the research process. Rally is HIPAA compliant, ensuring the highest standards of data protection and privacy.

Is your company a HIPAA Compliant business? Contact our team to learn more about our optional PHI Masking add-on.

Improvements and Fixes