The form data is encrypted on submit and transmitted over TLS/SSL (with included encryption).  At rest, the data is stored on AWS RDS database that uses AES-256 encryption.  Here is more on the RDS encryption: LINK

Each submitted form has unique double-key AES-256 encryption. 

As of March 2023, our AWS security policy includes TLS 1.3, which is optimized for security and performance, and backwards compatible with TLS 1.2.

Below is a dataflow diagram of the PHI data after submit.