The form data is encrypted on submit and transmitted over TLS/SSL (with included encryption). At rest, the data is stored in an AWS RDS database that uses AES-256 encryption. More on RDS encryption: LINK
Each submitted form has its own unique double-key AES-256 encryption.
Below is a data flow diagram of the PHI data after submission.