The form data is encrypted on submit and transmitted over TLS/SSL (with included encryption). At rest, the data is stored on AWS RDS database that uses AES-256 encryption. Here is more on the RDS encryption: LINK
Each submitted form has unique double-key AES-256 encryption.
As of March 2023, our AWS security policy includes TLS 1.3, which is optimized for security and performance, and backwards compatible with TLS 1.2.
Below is a dataflow diagram of the PHI data after submit.