SSubrupt
Skip to content

Best HIPAA-Compliant Survey Tools of 2026

Updated · 4 picks · live pricing · affiliate disclosure

The enterprise research HIPAA pick shipping HIPAA standard on Research Core and XM enterprise tiers.

BEST OVERALL8.1/10

Qualtrics

The enterprise research HIPAA pick shipping HIPAA standard on Research Core and XM enterprise tiers.

Free Account for evaluation; Research Core custom contracts
Try QualtricsSee full review

How it stacks up

  • Free Account limited

    vs Jotform forms-heavy HIPAA add-on

  • Research Core ~$1,500/yr custom

    vs Google Forms Workspace HIPAA via BAA

  • Enterprise XM custom

    vs SurveyMonkey Premier per-seat HIPAA

#2
Google Forms6.9/10

From $14.40/mo

View
#3
SurveyMonkey6.7/10

From $25/mo

View

All picks at a glance

#PickBest forStartingScore
1QualtricsBest HIPAA-compliant survey tool enterprise researchFree8.1/10
2Google FormsBest HIPAA-compliant survey tool suite-bundled with Workspace$14.40/mo6.9/10
3SurveyMonkeyBest HIPAA-compliant survey tool mainstream enterprise$25.00/mo6.7/10
4JotformBest HIPAA-compliant survey tool forms-heavy add-on$39.00/mo6.4/10

Quick pick by use case

If you only have thirty seconds, find your situation below and skip to that pick.

If you are a small healthcare practice or clinical research team needing HIPAA at flat-tier priceJotformHIPAA add-on on Silver tier as flat-tier subscription with 10,000-plus templates including healthcare-specific.If your healthcare organization already runs Google Workspace with the BAA in placeGoogle FormsHIPAA via Workspace BAA leverages existing tenant; Sheets integration for healthcare data analysis.If you need brand recognition for respondent credibility in patient experience surveysSurveyMonkeyHIPAA on Team Premier with 1.7M paying users globally and the strongest brand recognition in the category.If you run academic medical center or pharmaceutical research with advanced methodologyQualtricsHIPAA standard on Research Core and Enterprise XM with conjoint analysis, panel access, and multi-language.

Compare all 4 picks

Top spec
#1Qualtrics8.1/10FreeFree Account limited
#2Google Forms6.9/10$14.40/mo$144.00/yrSave $427.20/yrWorkspace Business Standard $14.40/user
#3SurveyMonkey6.7/10$39.00/mo$468.00/yrSave $132/yrFree 40 responses (no HIPAA)
#4Jotform6.4/10$49.00/mo$588.00/yrSave $12/yrSilver $49/mo (HIPAA add-on)
#1

Qualtrics

8.1/10

Best HIPAA-compliant survey tool enterprise research

Try QualtricsSee Qualtrics alternatives

The enterprise research HIPAA pick shipping HIPAA standard on Research Core and XM enterprise tiers.

PlanMonthlyWhat you get
Free AccountFreeFree single-user surveys-only tier with limited responses and basic question types
Research Core (Custom)CustomCustom-quoted Research Core typically starts ~$1,500/yr academic with advanced methodology, conjoint analysis, panel access
Experience Management EnterpriseCustomCustom-quoted enterprise XM tier with Customer, Employee, and Brand XM plus dedicated success

Qualtrics is the right HIPAA-compliant survey tool when enterprise research depth drives the choice. The wedge against every other HIPAA option is methodology: Qualtrics ships advanced research methodology including conjoint analysis, panel access, and multi-language survey deployment that academic medical centers and pharmaceutical research teams require. Founded 2002, Qualtrics is the dominant academic-research survey platform with HIPAA standard on enterprise tiers.

The Free Account covers limited responses with basic question types for evaluation. Research Core is custom-quoted starting around fifteen hundred dollars annually for academic use with advanced methodology plus conjoint analysis plus panel access plus multi-language. Experience Management Enterprise is custom-quoted with Customer XM plus Employee XM plus Brand XM plus dedicated success for hospital systems and pharmaceutical research teams.

The trade-off is the custom-quoted pricing that scales into five and six figures for enterprise contracts plus the steep learning curve compared to simpler tools. For enterprise research with HIPAA standard: Qualtrics wins. For cost-conscious HIPAA: Jotform Silver. For Workspace-anchored: Google Forms BAA. For mainstream enterprise: SurveyMonkey Premier.

Pros

  • HIPAA standard on Research Core and Enterprise XM tiers
  • Advanced methodology including conjoint analysis
  • Panel access for clinical and academic research
  • Multi-language survey deployment for global studies
  • Customer XM plus Employee XM plus Brand XM enterprise modules

Cons

  • Custom-quoted pricing scales into five and six figures
  • Steep learning curve versus simpler tools
Free Account limitedResearch Core ~$1,500/yr customEnterprise XM customFree Account for evaluation; Research Core custom contracts

Best for: Academic medical centers, pharmaceutical research teams, and hospital systems running enterprise research with HIPAA compliance.

Privacy
9
Speed
8
Ease
7
Value
7
Support
9
Try Qualtrics
#2

Google Forms

6.9/10Save $427.20/yr

Best HIPAA-compliant survey tool suite-bundled with Workspace

Try Google FormsSee Google Forms alternatives

The suite-bundled HIPAA pick running through existing Workspace BAA tenants with Sheets analysis.

PlanMonthlyAnnualWhat you get
Free (with Gmail)FreeFree unlimited forms and responses with Sheets integration and basic question types via any Gmail account
Workspace Business Standard$14.40/mo$144.00/yrCustom email domain, 2TB storage, branded forms, Vault and DLP, and admin controls at $14.40/user/mo
Workspace Business Plus$21.60/mo$259.20/yrAdds 5TB storage, eDiscovery, and compliance retention on top of Business Standard at $21.60/user/mo

Google Forms is the right HIPAA-compliant survey tool when existing Workspace adoption drives the choice. The wedge against every other HIPAA option is bundling: Google Forms ships HIPAA compliance through the Workspace Business Associate Agreement which most healthcare-adopted Workspace tenants already have signed. The form itself is unchanged across free Gmail accounts and paid Workspace tiers; HIPAA covers Workspace-tenant accounts with the BAA in place.

The Workspace Business Standard tier ships custom email domain plus two terabytes storage plus branded forms plus Vault and DLP plus admin controls as the realistic-buyer entry where HIPAA BAA is available. Workspace Business Plus adds five terabytes storage plus eDiscovery plus longer retention for healthcare organizations needing extended audit trails. The free Gmail tier does not include the BAA path.

The trade-off is the absence of payments collection, no custom domain on the form itself, and the limited conditional logic versus competitors. For Workspace-anchored healthcare teams: Google Forms wins on integration and cost. For broader template selection: Jotform. For mainstream enterprise: SurveyMonkey. For research-grade: Qualtrics.

Pros

  • HIPAA compliance through Workspace Business Associate Agreement
  • Existing Workspace tenants leverage the BAA already signed
  • Direct Sheets integration for healthcare data analysis
  • Vault and DLP plus admin controls on Business Standard
  • eDiscovery plus compliance retention on Business Plus

Cons

  • No payments collection or custom form domain
  • Limited conditional logic depth versus competitors
Workspace Business Standard $14.40/userBusiness Plus $21.60/userBAA via WorkspaceWorkspace 14-day trial with BAA path on paid plans

Best for: Healthcare organizations already on Google Workspace with HIPAA BAA who want survey tools bundled in the existing stack.

Privacy
9
Speed
10
Ease
10
Value
9
Support
8
Try Google Forms
#3

SurveyMonkey

6.7/10Save $132/yr

Best HIPAA-compliant survey tool mainstream enterprise

Try SurveyMonkeySee SurveyMonkey alternatives

The mainstream enterprise HIPAA pick shipping HIPAA on the Premier tier with brand recognition.

PlanMonthlyAnnualWhat you get
FreeFreeFree 10 questions per survey with 40 responses and basic question types (the marketing floor)
Team Advantage$25.00/mo$300.00/yrPer-user $25/seat with 15,000 responses/yr/user, custom branding, and A/B testing
Individual Advantage Annual$39.00/mo$468.00/yrSolo researcher tier at $39/mo with unlimited questions, 5K responses/yr, skip logic, and custom branding
Team Premier$75.00/mo$900.00/yrUnlimited responses with multilingual surveys, advanced logic, and question randomization at $75/seat

SurveyMonkey is the right HIPAA-compliant survey tool when mainstream brand recognition drives the choice. The wedge against every other HIPAA option is structural: SurveyMonkey has been the mainstream survey default since 1999 with one point seven million paying users globally and the strongest brand recognition in the category. The Team Premier tier ships HIPAA compliance plus unlimited responses plus multilingual surveys plus advanced logic for healthcare and clinical research teams that prioritize brand credibility with respondents.

The free tier covers ten questions per survey with forty responses without HIPAA. Team Advantage covers per-seat pricing with fifteen thousand responses yearly per user without HIPAA. Individual Advantage Annual ships unlimited questions with five thousand responses yearly. Team Premier at the realistic HIPAA-buyer entry ships unlimited responses plus multilingual surveys plus advanced logic plus question randomization plus the HIPAA BAA path.

The trade-off is the per-seat pricing model that compounds quickly at higher seat counts versus Jotform flat-tier HIPAA. For mainstream brand recognition with HIPAA: SurveyMonkey wins. For cost-conscious HIPAA: Jotform. For Workspace-anchored: Google Forms. For research-grade: Qualtrics.

Pros

  • HIPAA compliance on Team Premier tier
  • Most-recognized survey brand since 1999
  • 1.7M paying users globally for credibility
  • Multilingual surveys plus advanced logic on Premier
  • Unlimited responses plus question randomization on Premier

Cons

  • Per-seat pricing compounds at higher seat counts
  • HIPAA only on the highest paid tier
Free 40 responses (no HIPAA)Team Premier $75/seat (HIPAA)1.7M paying usersFree 40 responses; Team Premier per-seat with HIPAA

Best for: Healthcare and clinical research teams who need brand recognition for respondent credibility plus HIPAA compliance.

Privacy
8
Speed
9
Ease
9
Value
7
Support
8
Try SurveyMonkey
#4

Jotform

6.4/10Save $12/yr

Best HIPAA-compliant survey tool forms-heavy add-on

Try JotformSee Jotform alternatives

The forms-heavy HIPAA pick shipping HIPAA via add-on on the Silver tier with ten thousand templates.

PlanMonthlyAnnualWhat you get
StarterFreeFree 5 forms with 100 submissions/mo, 500 fields, and 100MB storage
Bronze$39.00/mo$408.00/yr25 forms with 1K submissions/mo, 10GB storage, conditional logic, and custom branding at $39/mo
Silver$49.00/mo$588.00/yr50 forms with 2.5K submissions/mo, the HIPAA compliance add-on, custom domain, and forms apps at $49/mo
Gold$129.00/mo$1,428.00/yr100 forms with 10K submissions/mo, 100GB storage, drag-and-drop apps, and advanced reports at $129/mo

Jotform is the right HIPAA-compliant survey tool when cost-conscious healthcare teams drive the choice. The wedge against every other HIPAA option is structural: Jotform ships HIPAA compliance as an add-on on the Silver tier with a flat-tier subscription rather than per-seat enterprise pricing. The total cost of HIPAA-compliant operation lands meaningfully below SurveyMonkey Premier or Qualtrics enterprise contracts for typical healthcare teams. Founded 2006 by Aytekin Tank, Jotform has held the broad-templates wedge with ten thousand-plus templates and two hundred-plus integrations.

The Starter tier covers five forms with one hundred submissions monthly on the free tier without HIPAA. Bronze adds twenty-five forms plus one thousand submissions plus conditional logic. Silver at the realistic-buyer entry adds the HIPAA compliance add-on plus custom domain plus forms apps. Gold unlocks one hundred forms with ten thousand submissions plus drag-and-drop apps plus advanced reports.

The trade-off is the visual complexity of the forms builder for users coming from simpler tools. For cost-conscious HIPAA-compliant healthcare teams: Jotform Silver wins. For Workspace-anchored healthcare teams: Google Forms via BAA. For enterprise research: SurveyMonkey or Qualtrics.

Pros

  • HIPAA add-on on Silver tier as flat-tier subscription
  • 10,000-plus templates including healthcare-specific
  • 200-plus integrations including EHR systems
  • Conditional logic plus payments collection
  • Founded 2006 with two decades of forms heritage

Cons

  • Visual complexity for users coming from SurveyMonkey simplicity
  • HIPAA add-on is paid layer on top of Silver tier base
Silver $49/mo (HIPAA add-on)Gold $129/mo (10K subs)10K-plus templatesStarter free 5 forms with HIPAA on paid Silver tier

Best for: Cost-conscious healthcare practices and small clinical research teams who need HIPAA Business Associate Agreement at flat-tier pricing.

Privacy
9
Speed
9
Ease
8
Value
9
Support
8
Try Jotform

How we picked

Each pick gets a transparent composite score from price, features, free-tier availability, and editor fit. Pricing flows from our live database, so when a vendor changes prices the score updates here too.

Composite weights: price 40%, features 30%, free tier 15%, fit 15%. Four picks subset to survey services with genuine HIPAA Business Associate Agreement availability. Tools without HIPAA (Tally, Typeform, Paperform, Formbricks) excluded. See parent /best/survey-tools for the broader lineup.

We don't claim "30,000 hours of testing." Our methodology is the formula above plus the editor's published verdict for each pick. Verifiable, auditable, and updated when the underlying data changes.

Why trust Subrupt

We're a subscription tracker first, a buying guide second. Every claim on this page is something you can check.

By use case

Best HIPAA forms add-on

Jotform

Read the full review →

Try Jotform

Best HIPAA suite-bundled

Google Forms

Read the full review →

Try Google Forms

Best HIPAA mainstream enterprise

SurveyMonkey

Read the full review →

Try SurveyMonkey

Best HIPAA research

Qualtrics

Read the full review →

Try Qualtrics

How to choose your HIPAA-Compliant Survey Tool

HIPAA survey math: which tier ships the BAA at what cost

HIPAA-compliant survey tools split four ways the buyer should match against cost structure and existing vendor relationships. Forms-heavy add-on (Jotform Silver) ships HIPAA at the cheapest credible flat-tier price for healthcare practices. Suite-bundled (Google Forms via Workspace BAA) leverages existing Workspace tenants without separate vendor onboarding. Mainstream enterprise (SurveyMonkey Premier) ships HIPAA at per-seat pricing with brand recognition. Enterprise research (Qualtrics Research Core or XM) ships HIPAA standard at custom-quoted enterprise contracts. Most healthcare buyers triangulate on cost plus existing-vendor fit plus research methodology depth. For full coverage including non-HIPAA picks, see [our /best/survey-tools guide](/best/survey-tools).

Business Associate Agreement basics for survey tools

A HIPAA Business Associate Agreement is a contract between the healthcare entity (covered entity) and the survey vendor (business associate) that establishes responsibilities for handling protected health information. Without a signed BAA, the survey vendor cannot legally store, transmit, or process PHI under HIPAA. Each vendor in this lineup ships the BAA path differently. Jotform Silver includes the BAA via paid HIPAA add-on. Google Workspace BAA covers Forms automatically when the BAA is in place at the tenant level. SurveyMonkey Premier includes the BAA on the per-seat enterprise tier. Qualtrics Research Core and Enterprise XM include the BAA standard. The free tiers across all four vendors do not include BAA coverage and cannot legally handle PHI.

Cost comparison across HIPAA-compliant tiers

Total cost of HIPAA-compliant operation varies meaningfully across the lineup. Jotform Silver lands at the lowest credible HIPAA flat-tier monthly cost which scales linearly with form volume rather than seat count. Google Forms Workspace Business Standard at fourteen dollars forty per user monthly for the BAA-eligible tier compounds with seat count but is bundled with Drive plus Gmail plus Calendar. SurveyMonkey Team Premier at seventy-five dollars per seat compounds quickly at five-plus seats. Qualtrics Research Core starts around fifteen hundred dollars annually for academic use and scales into five and six figures for enterprise contracts. For most small healthcare practices Jotform Silver fits best on cost; for Workspace-anchored organizations Google Forms is the path; for enterprise research Qualtrics is the standard.

Healthcare-specific feature considerations beyond HIPAA

HIPAA compliance is necessary but not sufficient for healthcare survey use cases. Important secondary features include EHR integration (Jotform integrates with Epic plus Cerner via partner connectors; SurveyMonkey integrates via Salesforce Health Cloud; Qualtrics integrates natively with Epic), patient-facing form aesthetics (Typeform style conversational forms but is not HIPAA-compliant; Jotform ships polished healthcare templates), payment collection for copays or fee-for-service intake (Jotform Silver ships Stripe payments; SurveyMonkey does not include payments), and panel-based recruitment for clinical research (Qualtrics ships panel access; others do not natively). Match the secondary features to your specific use case before defaulting to the cheapest HIPAA option.

Frequently asked questions

What is a HIPAA Business Associate Agreement and why does it matter?

A HIPAA BAA is a contract between a healthcare entity (covered entity) and a vendor (business associate) that establishes responsibilities for handling protected health information. Without a signed BAA the vendor cannot legally store, transmit, or process PHI. Free tiers on Jotform, Google Forms (Gmail), SurveyMonkey, and Qualtrics do not include BAA coverage. Healthcare teams handling any form data that includes PHI need a vendor with the BAA path active.

Is Jotform Silver really the cheapest HIPAA-compliant survey tool?

For most healthcare practices yes. Jotform Silver ships the HIPAA add-on as a flat-tier subscription rather than per-seat enterprise pricing. The total cost lands meaningfully below SurveyMonkey Team Premier per-seat pricing or Qualtrics enterprise contracts for typical healthcare teams. The trade-off is the visual complexity of the Jotform forms builder versus the simpler SurveyMonkey or Google Forms UI.

How does Google Forms HIPAA compliance work through Workspace?

Google Workspace ships a BAA that covers the entire Workspace tenant including Forms, Drive, Gmail, Calendar. Healthcare organizations on Workspace Business Standard or higher request the BAA through the admin console; once signed, all Workspace services can handle PHI. The free Gmail tier does not include the BAA. The form itself is feature-identical across tiers.

When does SurveyMonkey Team Premier HIPAA pricing make sense?

For healthcare and research teams with three or fewer seats where brand recognition matters more than cost. SurveyMonkey Team Premier per-seat compounds quickly above three seats. For five-plus seats Jotform Silver flat-tier or Google Forms Workspace BAA fit better on cost. For brand-recognition use cases like national patient experience surveys where respondents recognize the SurveyMonkey footer SurveyMonkey wins despite higher per-seat cost.

Is Qualtrics worth the enterprise pricing for HIPAA research?

For academic medical centers, pharmaceutical research, and hospital systems yes. Qualtrics ships advanced methodology (conjoint analysis, MaxDiff, panel access, multi-language) that competitors do not match. The HIPAA compliance is standard on Research Core and Enterprise XM rather than an add-on. For typical clinical research with validated methodology requirements Qualtrics is the standard. For simpler patient feedback surveys without research methodology needs Jotform Silver fits better.

Can I use Tally, Typeform, or Formbricks for healthcare surveys?

Not for surveys that include PHI. None of Tally, Typeform, or Formbricks ship a HIPAA Business Associate Agreement, which means they cannot legally process PHI under HIPAA. They can be used for non-PHI surveys (general patient experience metrics that exclude identifiable health information) but any form that touches PHI requires Jotform Silver, Google Workspace BAA, SurveyMonkey Premier, or Qualtrics.

How do I verify HIPAA compliance before signing up?

Three steps. Confirm the vendor publishes HIPAA documentation including BAA template language. Confirm the BAA is included in the tier you plan to subscribe to (free tiers do not include BAA). Sign the BAA before submitting any PHI. Jotform requires explicit HIPAA add-on activation; Google Workspace BAA is requested via admin console; SurveyMonkey BAA ships with Premier; Qualtrics BAA is included in Research Core and XM contracts.

How do these tools integrate with EHR systems like Epic or Cerner?

Varying integration depth. Qualtrics integrates natively with Epic for patient experience programs. Jotform integrates with Epic plus Cerner via partner connectors and Zapier. SurveyMonkey integrates via Salesforce Health Cloud which most major EHRs support. Google Forms integrates via Sheets which can route to EHR systems via custom integration. For tight EHR integration Qualtrics or Jotform partner connectors fit best; for loose integration Google Forms via Sheets is the simplest path.

Are there other HIPAA-compliant survey tools outside this catalog worth considering?

Yes. Cognito Forms ships HIPAA on the Pro tier as an add-on similar to Jotform. Wufoo (SurveyMonkey-owned) ships HIPAA on enterprise contracts. RedCap is the open-source academic-research standard from Vanderbilt with HIPAA compliance for institutional users at no cost. SimpleSurvey ships HIPAA on the Plus tier. None are in our paid catalog because the catalog focuses on credible mainstream picks, but RedCap especially is the academic-research standard for institutions with the infrastructure.

Does Subrupt earn a commission on these HIPAA-compliant survey picks?

On the Jotform Silver, SurveyMonkey Team Premier, and Google Workspace links where affiliate programs route through. Qualtrics enterprise contracts are typically direct sales without affiliate. Composite scoring weights price 40%, features 30%, free tier 15%, fit 15%, none tuned by affiliate rate. The rationales lead with cost-and-fit math rather than affiliate-friendly framing. The composite math is on the page.

Subrupt Editorial

The team behind subrupt.com. We track subscriptions, surface cheaper alternatives, and publish buying guides where the score formula is on the page so you can recompute it yourself. We do not claim 30,000 hours of testing. What we claim is live pricing from our database, a transparent composite score, and honest savings math against a category baseline.

Last reviewed

Citations

Affiliate disclosure: Subrupt earns a commission when you switch to a service through our recommendation links. This never changes the price you pay. We only recommend services where there's a real cost or feature advantage for you, and our picks are based on the data on this page, not on which programs pay the most.

Related buying guides

Buying guide

Best Threat Intelligence Platforms of 2026

Read guide

Buying guide

Best VPNs of 2026

Read guide

Buying guide

Best Free VPNs of 2026

Read guide

Track your subscriptions on Subrupt

Add the HIPAA-Compliant Survey Tool you pay for and see how much you'd save by switching.

Open dashboard

More buying guides

Independent rankings for the subscriptions worth paying for.

See all guides