CivicOptimize forms are secure for collecting Personally Identifiable Information (PII) and some Protected Health Information Data (PHI Data), but not HIPAA data (Health Insurance Portability and Accountability Act) or Payment Card Industry Data (PCI Data).
For this reason, do not request the following information on any forms:
- Credit card/debit card information (use the CivicPlus Pay integration for this information)
- Medical information such as diagnoses, treatment information, medical test results, and prescription information
Types of data that can be collected with CivicOptimize Forms:
- A name, including the full name of the individual, their maiden name or mother’s maiden name, and any alias they may use
- Email addresses and physical addresses such as street addresses, zip codes, and county
- Telephone and fax numbers
- Driver’s license number, passport number, or social security number
- Vehicle identifiers and serial numbers, including license plate numbers
- Certificate or license numbers
- Information about an individual that is linked to their place of birth, date of birth, religion, activities, geographical indicators, or educational data
- Asset information, such as MAC address or IP, as well as other static identifiers that could consistently link a particular person
- Bank account information
- Medical record numbers
- Health plan beneficiary numbers
- Device identifiers and serial number
- Biometric identifiers, including finger and voiceprints
- Personally Identifiable Information (PII) has numerous official definitions, depending on what agency or state law/policy you read, but in general, it is defined as any information that can be used to identify an individual directly or indirectly, such as a name, email address, Social Security Number or IP address.
Sensitive PII (SPII) is generally defined as any PII that if lost, stolen, or disclosed without authorization could result in significant harm to an individual.
Protected Health Information (PHI) is a specific type of Sensitive PII that is collected by a healthcare provider or other covered entity for the provision of healthcare services. This information is protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which requires HIPAA-covered entities and their business associates to implement specific technical and operational safeguards to protect PHI.
The PII, Sensitive PII, and PHI identification charts below were compiled from information gathered from the Department of Homeland Security’s Handbook for Safeguarding Sensitive Personally Identifiable Information and the U.S. Department of Health and Human Services.
Personally Identifiable Information (PII)
- Home Address
- IP Address
- Phone Number
- Any other information that can uniquely identify someone
Sensitive PII (SPII)
|Stand-Alone||Any PII Combined With the Following|
Protected Health Information (PHI)
Health Information (physical, electronic, or spoken) + Identifier + collected by a HIPAA-Covered Entity or School or University or Employer or Business Associate of a HIPAA-Covered Entity + in relation to the provision of healthcare or payment for healthcare services.
|Health Information||Identifiers||HIPAA-Covered Entities||Business Associates of