On further thought, to confirm a user only replies once, the user must be authenticated, either by WP or AD. Once this is done, the user cannot be fully assured their answers are anonymous. They have to take your word for it. I suppose making the source code available for examination may assuage some fears.
Anyway, this makes the hash thing moot. Simply store a value in user meta when the user submits the form. If the value is already there, reject the form. This is unrelated to how the answers are stored, thus anonymity is maintained.
If the answers are stored in a separate table, a simple inspection would show there can be no correlation between any particular row and any particular user. For further transparency, if possible, tally the answer results directly into accumulators upon submission, such that there is not even a record of the individual form answers, only a summation of all the answers is maintained.
My apologies for any confusion. Furthermore, I'm unable to provide any actual code on how you would implement this. If I had something already written, I would provide it, but for this, I'd be starting from scratch.