Phreesia Partners with Bluefin to Offer a PCI-Validated Point-to-Point Encryption (P2PE) Version of its Payments Product

Phreesia is a SaaS-based patient intake management company that enables healthcare organizations to reach their financial, operational and clinical goals. Phreesia’s innovative payment applications get in front of every patient, processing transactions and increasing collections. The company’s platform integrates with leading practice management and electronic health record systems, and manages intake for over 70 million patients annually.

Through its partnership with Bluefin, Phreesia will provide a PCI-validated P2PE solution to clients that request it, with no change to the payment transaction flow. Phreesia’s P2PE solution includes the PhreesiaPad, Arrivals and the Phreesia Dashboard.

Bluefin enables PCI-validated P2PE on partner platforms with their Decryptx® Decryption as a Service (DaaS) product, which allows gateways, applications, and processors to directly connect to Bluefin for the P2PE service.

“We think this offering is important to a group of our clients, and this partnership will allow us to make a P2PE-certified version of our product available to support them,” said Phreesia CEO Chaim Indig.

Bluefin’s PCI-validated P2PE solution secures credit and debit card transactions by encrypting all data within a PCI-approved point of entry device, preventing clear-text cardholder data from being available in the device or the merchant’s system where it could be exposed to malware. Data decryption is only done offsite in a Bluefin hardware security module (HSM).

“Healthcare organizations are a lucrative target for cyber criminals,” said Greg Cornwell, SVP of Security Solutions for Bluefin. “Now more than ever, securing patient information is important, and organizations like Phreesia understand the need to offer their clients PCI-validated P2PE. We are thrilled to partner with Phreesia because they put security at the top of their priorities.”

Benefits of a PCI-validated P2PE solution for organizations and enterprises include reduced PCI compliance and scope, time and money saved on annual audits, and the assurance that the technology has been vetted and approved by the PCI Security Standards Council (SSC).

About Phreesia

Phreesia gives healthcare organizations a suite of applications to manage the patient intake process. Our innovative SaaS platform engages patients in their healthcare and provides a modern, consistent experience, while enabling healthcare organizations to optimize their staffing and enhance clinical care. Learn more at

About Bluefin

Bluefin provides the leading payment security platform that supports payment gateways, processors and ISV’s in more than 20 countries. Bluefin’s secure payment platform is key to the holistic approach to data security. Designed to complement EMV and tokenization, Bluefin’s PCI-validated Point-to-Point (P2PE) solutions provide a solid security defense against current and future data breaches. Bluefin supports point of sale solutions for retail, mobile, call center and kiosk/unattended environments, and secure Ecommerce technologies. Bluefin is a Participating Organization (PO) of the PCI Security Standards Council (SSC) and is headquartered in Atlanta, with offices in New York, Chicago, Tulsa and Waterford, Ireland. For more information, please visit