- Posts: 11756
- Thank you received: 2753
Welcome to the LimeSurvey Community Forum
Ask the community, share ideas, and connect with other LimeSurvey users!
LimeSurvey and HIPAA compliance
- holch
- Offline
- LimeSurvey Community Team
Now if more than one person at the same time might fill in the survey you should separate the server and the client (computer/browser where the questionnaire is filled in) physically. E.g. if your secretary has a computer that is always on, when the practice is open, then you could install it on this computer. Ideally this "server" is connected to the router via a cable and not Wifi, but it can also work with Wifi.
Then you need to find out, what the internal IP of this "server" is. Your office most probably has two kind of IPs. The public one, that is given to you by your ISP and that identify your office (or better your router) on the internet. But internally, the router needs also addresses for each computer/device that is connected to the local area network. That would be what I call the internal IP. They are not accessible from the internet (there are exceptions, but I assume that is not your case). These IPs are usually either static or dynamically assigned by the router (DHCP). For your survey to run properly, the IP of your "server" (device where limesurvey is installed) should be static, because otherwise it can happen that the IP changes over time (e.g. when you switch off the server overnight, the next day it might have a different IP).
So you should talk with the person that set up your network in the office. If it is you, you should have a look at the administration of your router. It usually gives you the option to assign static IPs to certain devices.
I answer at the LimeSurvey forum in my spare time, I'm not a LimeSurvey GmbH employee.
No support via private message.
- brainpsych
- Topic Author
- Offline
- New Member
- Posts: 8
- Thank you received: 0
Jelo - what does "local OC" mean?
Holch - The distinction between SAS and SaaS is not something that I am understanding from the link. Sorry.
Also, I assume a tablet could be on the same wireless network as the host computer - it doesn't need to be connected via ethernet?
Also, I assume there would be something easily done to make an Ipad only allow the individual to access one program - i.e., the browser pointed at the survey?
- brainpsych
- Topic Author
- Offline
- New Member
- Posts: 8
- Thank you received: 0
I think I'll skip running a server on the tablet itself. There is a Ubuntu Installer for Android, but I'd need to get the data off of there and back it up/look at and to do this I'd presumably need to use my network - probably with less robust encryption options that I'd have with a host computer and a tablet.
So, I think you answered all of my questions and connecting the "server" to the router directly is easy and I assume the tablet can access the server via wifi?
Thanks so much. I really appreciate everyone's time.
- jelo
- Offline
- Platinum Member
- Posts: 5070
- Thank you received: 1263
Sorry, I hit O instead of the P key.brainpsych wrote: Jelo - what does "local OC" mean?
I meant local PC.
You can safely ignore the content of the link for your problem.brainpsych wrote: Holch - The distinction between SAS and SaaS is not something that I am understanding from the link. Sorry.
Yes, correct.brainpsych wrote: Also, I assume a tablet could be on the same wireless network as the host computer - it doesn't need to be connected via ethernet?
It depends on the App you will use as browser. Search and watch out for "kiosk mode" which describes a mode where everything is locked to a certain application so that the tablet or pc cannot be misused.brainpsych wrote: Also, I assume there would be something easily done to make an Ipad only allow the individual to access one program - i.e., the browser pointed at the survey?
E.g. www.webascender.com/Blog/ID/447/How-to-S...iPad-to-Just-One-App
or support.apple.com/HT5509
The meaning of the word "stable" for users
www.limesurvey.org/forum/development/117...ord-stable-for-users
- holch
- Offline
- LimeSurvey Community Team
- Posts: 11756
- Thank you received: 2753
Installing Limesurvey on a tablet: I have done it with an Android tablet already. There are apps that install the webserver and then you just need to install Limesurvey on that webserver, just as you would for a hosted service.
But I think the best solution is to have it running on a "server" (can be an ordinary computer) at your office. The tablet can access the "server" easily via WIFI through the router.
For the possibility to only allow one application (the browser) on the tablet, as Jelo said, search for kiosk mode.
Never used it, but you should find a solution there.
I answer at the LimeSurvey forum in my spare time, I'm not a LimeSurvey GmbH employee.
No support via private message.
- jboogie21
- Offline
- Senior Member
- Posts: 45
- Thank you received: 7
Based on my understanding (by no means am I an expert!!), to be HIPAA compliant the data must be secured/encrypted. That is the "easy" part especially when dealing with local data/PHI (Protected Health Information). However, most people are connected to the internet, and SaaS providers are becoming increasingly popular. Using SaaS providers increases risks. This increased risk is related to the transmission of PHI across servers that a service provider like brainpsych (assuming he/she is a health care provider of some sort) have no control over. Reputable SaaS providers will offer a Business Associates Agreement (BAA) which makes them liable for any security breaches. Basically, a BAA typically states that the SaaS provider will make sure PHI is safe/secure AND will inform the end user of any breaches. So in sum, to be HIPAA compliant PHI needs to be secured, and when using the internet there needs to be an audit trail should anything go awry.
So to circle back to brainpsych's original question, something else to consider is the type of information he/she is soliciting. If it is unidentifiable data, a SaaS provider like limeservice.com might be an option.
- Ben_V
- Offline
- Platinum Member
- Posts: 1223
- Thank you received: 351
jelo wrote: Search and watch out for "kiosk mode" which describes a mode where everything is locked to a certain application so that the tablet or pc cannot be misused
For mac users I recommend Icab a very great and stable browser allowing kiosk mode...
There is also a similar IOS app (I've never tested)
Benoît
EM Variables => bit.ly/1TKQyNu | EM Roadmap => bit.ly/1UTrOB4
Last Releases => 2.6x.x goo.gl/ztWfIV | 2.06/2.6.x => bit.ly/1Qv44A1
Demo Surveys => goo.gl/HuR6Xe (already included in /docs/demosurveys)
- brainpsych
- Topic Author
- Offline
- New Member
- Posts: 8
- Thank you received: 0
Thank you all very much for your thoughts. Often times software that has all support done via forums can be a frustration for new users, but I have been very pleasantly surprised by this community.
Yours,
Colin
- Ben_V
- Offline
- Platinum Member
- Posts: 1223
- Thank you received: 351
Plugin for limesurvey that enables asymmetric response encryption.
Benoît
EM Variables => bit.ly/1TKQyNu | EM Roadmap => bit.ly/1UTrOB4
Last Releases => 2.6x.x goo.gl/ztWfIV | 2.06/2.6.x => bit.ly/1Qv44A1
Demo Surveys => goo.gl/HuR6Xe (already included in /docs/demosurveys)
- Mazi
- Offline
- Official LimeSurvey Partner
Ben_V wrote:
jelo wrote: Search and watch out for "kiosk mode" which describes a mode where everything is locked to a certain application so that the tablet or pc cannot be misused
For mac users I recommend Icab a very great and stable browser allowing kiosk mode...
You can now use the new Limesurvey Android app "OfflineSurveys" to run any Limesurvey survey in kiosk mode at any Android device, see www.offlinesurveys.com
Best regards/Beste Grüße,
Dr. Marcel Minke
Need Help? We offer professional Limesurvey support: survey-consulting.com
Contact: marcel.minke(at)survey-consulting.com
- r0bis
- Offline
- Senior Member
- Posts: 60
- Thank you received: 7
I am also a just a doctor looking into anonymous collection of patient responses in an outpatient psychiatry centre with two teams providing service.
Considering HIPAA/DPA requirements I would think it would be best to err on the side of caution and not have any patient identifiable information there. I would go for the following setup:
*** Hardware:
1) XAMPP server without a LAN connection (much less opportunity for remote hacking)
2) computer physically secured - as much as reasonable (no easy access + cable-locked)
3) HDD is encrypted (probably just home directory)
*** Software:
1) Patients have their unique PINs - at first they only see a screen with request to enter their PIN in kiosk mode browser
2) PIN lets computer know which service survey to present to the user
3) Patient does a quick survey with 3 mandatory slider type questions AND has an option to enter free text in the box below
4) The idea here is to let people respond in as easy and hassle-free way as possible
*** Data analysis - cyclical:
1) Once a week I connect to the computer with my laptop via ethernet crossover cable
2) I log into the admin interface and download data in R format from web admin interface
3) On my laptop I run a weekly report analysis script on the data in R
4) Analysis script is done in such a way as to provide printable graphs for the whole period and printable text responses for the last week. These are used to provide feedback to the teams and the patients.
### Question:
What I am most thinking about at this stage is - how to connect the PIN and the survey. I do not think that Limesurvey would support such a PIN kind of authentication. I think that probably I need to set up a website (maybe a static one) which compares the PIN entered to the list it has and then displays the survey page. I am wondering also if the PIN might be passed to Limesurvey and used as a token? How to best do it is a bit unclear to me at this stage. Effectively I want the same people (patients) use the same survey to track their response change over time (typically over 2 years).
I thought that alternatively I might set up a two-page survey where the first page just asks for the PIN and the next page is the rest of the survey. However I am not sure how I would error-check the PIN entry; the only way I imagine would be perhaps if the first page PIN entry was a conditional question, but this sounds a bit awkward, especially if numbers got high. The max population expected over 2 year window would perhaps be about 300.
Your thoughts would be very much appreciated
Rob
r0berts
- holch
- Offline
- LimeSurvey Community Team
- Posts: 11756
- Thank you received: 2753
You could increase the number of "uses" by increasing "uses left" of the token. This means someone with this specific token could fill in the survey as many times as you give them "uses" for this token.
I answer at the LimeSurvey forum in my spare time, I'm not a LimeSurvey GmbH employee.
No support via private message.