Privacy and Security in Healthcare
At Phreesia, privacy and security are our top priorities–not boxes to be checked during a once-a-year review. At each and every level of our organization, we foster a culture focused on safeguarding patient data. We’re honored to have those efforts recognized with many of the industry’s most well-known certifications.
HITRUST CSF Certification (2021)
Phreesia achieved HITRUST CSF certification, giving our clients peace of mind that we meet trusted security benchmarks.
Payment Card Industry Data Security Standard (PCI-DSS)
As a PCI DSS Level 1 Service Provider, Phreesia is committed to upholding industry security standards for cardholder data.
Security Organization Control (SOC) 2 Type 2
Phreesia has completed the SOC 2 Type 2 certification process to evaluate our security, availability and confidentiality protocols.
PCI Point-to-Point Encryption (P2PE)
Phreesia’s PCI-validated solution enables healthcare organizations to accept P2PE credit and debit card payments.
Find Phreesia listed under Bluefin Payment systems
If you have a question or concern or if you would like to request additional documentation regarding these certifications, email
Please do not send any sensitive personal or health information to this email address.
If you are a patient, please contact your healthcare provider directly.
View our responsible disclosure policy.