We take privacy seriously

At Phreesia, we're committed to patient privacy and keeping health information secure.

We are fully committed to the privacy and security of our users' data. Our administrative, technical and physical safeguards are designed to secure and protect the information consumers trust us to use in service of their health goals. Under the Health Insurance Portability and Accountability Act (HIPAA), Phreesia is defined as a “business associate,” which is an individual or entity that is not a member of the “covered entity's” (i.e., the healthcare provider's) workforce and performs certain functions involving the use or disclosure of protected health information (PHI) on behalf of the covered entity. As a business associate, Phreesia is subject to, and committed to, all applicable HIPAA privacy and security requirements.

Phreesia's Provider clients can configure and direct intake tools on the Phreesia Platform to collect their patients' information. Phreesia may collect other information and request certain permissions from Provider clients to ensure our products and services are functioning and for other permissible purposes.

In order for a patient to see content from Life Science or any other third-party sponsor, the patient must first provide a specific consent: patients are always welcome to decline this authorization and not see any third-party content, and declining the authorization does not impede check-in. If a patient agrees to receive additional content, it may only appear after check-in is complete.

Phreesia's privacy and security procedures

Phreesia's privacy and security procedures include the following safeguards:

Phreesia is HITRUST-certified, SOC 2-certified, and PCI Level 1-compliant. Phreesia also is listed on the most current lists of PCI Level 1 service providers for both Visa and Mastercard.


If you have any questions, comments, or concerns about Phreesia's privacy processes, or the use of this site in general, please contact us by email at privacy@phreesia.com.