Privacy Policy


The Patient Safety Group (PSG) is a division of QuestionPro, Inc. PSG helps healthcare organizations improve their safety culture by learning from their own staff. PSG provides patient safety and quality tools, including surveys taken by healthcare staff, because staff are often in the best position to notice safety and quality issues and suggest valuable steps for improvement.

PSG is committed to protecting the privacy of those who use our services.


This Privacy Policy explains how PSG handles and protects personally identifiable information of our users. Users include healthcare staff who take surveys and otherwise communicate with us, as well as healthcare organization employees who are authorized to work with the results of surveys and other tools.

Services of QuestionPro, Inc. that are not part of PSG are covered by the Privacy Policy for QuestionPro.

Survey Responses from Healthcare Staff

PSG surveys are designed to protect the confidentiality of the healthcare staff who take them. The intent is to enable your healthcare system to learn from your input without knowing which responses came from you or from any other individual. While complete anonymity of survey responses cannot be guaranteed, our goal is to make the survey results anonymous before sharing them with the healthcare organization. Individuals’ responses to survey questions are aggregated (grouped) with the responses of others in the same organization to help prevent responses from being individually identified. Typically, responses for one department will be grouped together before they are shared with the healthcare organization management. However, in order to protect privacy, if a particular department is small, employees’ responses for that department may be grouped with data from other departments before the combined responses are shared with healthcare organization management.

Free-text Comments

In addition to multiple-choice questions, most surveys include the opportunity to provide free-text comments. (“Free-text comments” means a comment box where you can write in whatever you want, as opposed to just answering structured questions.) These comments can be very instructive to healthcare organizations. However, with free-text comments, there is an inherent risk that the details provided might end up identifying the person commenting. In order to reduce this risk, PSG will aggregate free-text responses as described above before providing them to management. Nonetheless, the details you provide in free-text comments may still allow others in your healthcare organization to guess your identity. Please take this into account when providing free-text comments.

Collection of your Personal Information

1. Information Collected from All Visitors to our Website

We may use cookies, web beacons, and similar technologies to help us verify your identity upon return visits to PSG, improve your user experience with our services, and improve and measure the effectiveness of our products. We may also use web beacons in communications with you to assure proper operation of the service, such as determining if a message to you was delivered and opened. We may also use third-party web analytic tools to analyze website traffic or improve our services. As an example of technologies we may implement, we may use cookies to allow you to complete a survey you had previously started, without requiring you to start over from the beginning of the survey.

We will not, however, use cookies, web beacons, or similar technologies to track users for targeted advertising, nor will we authorize anyone else to do so.

As background, cookies are small text files that websites can send to your browser, which your computer stores, that can automatically collect server domain names, IP addresses, type of computer, type of browser, and information about what pages are visited. You can set your browser to decline cookies or notify you before accepting cookies, although if you decline them, the website may not function properly. Web beacons are small bits of code embedded in web pages or emails that can be used to communicate with cookies, count visitors, and understand usage patterns.

2. Information Collected from Users Who Create an Account

If your role at your healthcare organization involves analyzing the results of safety culture surveys or other tools provided by PSG, you may have the opportunity to create a PSG account. If you create a PSG account, you will be asked for certain personal information such as your name, email address, etc. It is important that you provide accurate information. You will also create a password. We will protect this information, and we will use and disclose it only in the ways we describe in this Privacy Policy.

While analyzing survey results, you may have the opportunity to add a comment or annotation, e.g., to document an idea you have about a potential improvement for your healthcare system. Colleagues in your healthcare organization who have the privilege to see any given data can usually also see annotations that have been made about that data, along with the name of the person who made the annotation. The purpose of these annotations is to facilitate collaborative analysis and problem solving within your organization. Please keep that in mind when adding comments or annotations.

Information Use and Sharing by PSG

Routine Uses and Disclosures

  • We will use the information you provide to communicate with you and provide services to you and your organization.

  • In the course of running our business, we share some personally identifiable information with third-party vendors, such as technology vendors. Such disclosures are subject to contractual controls over how they protect, use, and disclose the information.

  • With permission from the healthcare organization that sponsored the survey, we may publish or share de-identified copies of comments made by survey-takers. A federal medical privacy law named HIPAA (the “Health Insurance Portability and Accountability Act”) creates a standard for what it means to de-identify health data. Although we are not subject to that law, we meet or exceed the HIPAA de-identification standard when we de-identify comments prior to publishing or sharing them.

  • We will create statistical, de-identified information about how our users answer certain survey questions. We will allow healthcare organizations who use our services to compare their responses with benchmarks derived from this statistical, de-identified information. We may also publish such statistical, de-identified information, such as in a research article or an educational blog post.

Unusual Disclosures We Might Make Without Your Consent

  • We will disclose information based upon a reasonable belief that the disclosures are required by law, including information requested via subpoenas, discovery requests, and court orders.

  • We may disclose information to law enforcement authorities, the sponsoring healthcare organization, or others if we reasonably believe the disclosure is needed to respond to a threat of physical harm to patients or others, to defend or assert legal rights on the part of PSG or others, or in connection with an investigation of illegal, dangerous, or fraudulent activity.

  • If we were to transfer assets or operations in connection with a sale, merger, bankruptcy, or other transaction, we may transfer personally identifiable information to the merging or acquiring entity. If so, we would make a good faith effort to require that your personally identifiable information remains subject to essentially the same restrictions as in our Privacy Policy.

We will only disclose personally identifiable information about you in the ways we explain here.


We are committed to maintaining the security of personal information. We use appropriate technical, administrative, and physical controls to protect personal information from loss, misuse, or alteration. If we share personal information with vendors, we subject them to strict contractual and legal controls regarding the protection, use, and disclosure of the information.

There is always some risk that unauthorized, wrongful, or illegal access to your information could occur or that data sent over the Internet could be intercepted. If you have a PSG account, we urge you to create a strong password and protect it carefully.


We do not knowingly collect personally identifiable information from children under 18 years old.

“Do Not Track” Disclosure

Some web browsers have a “Do Not Track” feature that lets a user have the browser notify websites that the user does not want to have his or her online activities tracked. PSG’s website currently does not respond to such browser-initiated signals.


We may modify this Privacy Policy at any time, although we expect that most changes will only be editorial in nature or reflect changes in the services we offer. However, in the unlikely event that we would ever make material changes that would permit us to share your information more broadly than we have previously described, we would ask you to consent to the new Privacy Policy before it applied to you. If you did not consent, many of the features offered by the Site would be unavailable to you.

Contact Us

PSG welcomes your comments. If you have any questions or concerns about this Privacy Policy or our information practices, please contact us at [email protected]. If you have technical or general support questions, please contact us here.

The current version of the Privacy Policy will be dated and posted here.

Effective Date

This Privacy Policy is effective July 19, 2023.