Information submitted through webforms within Web Open is stored unencrypted. Because of this, webforms are secure for collecting PII, but not SPII, PHI, or HIPAA- or PCI-regulated data.
Do not request the following on any forms:
Social Security numbers
Driver's license numbers
Medical information
Passport numbers
Passwords
Financial information of any kind
Bank account information
Routing numbers
Credit card numbers
Any SPII
The following information can be requested:
A name, including the full name of the individual, their maiden name, and any alias they may use
Email addresses and physical addresses, such as street addresses, zip codes, and county
Telephone and fax numbers
Vehicle identifiers and serial numbers, including license plate numbers
Information about an individual that is linked to their place of birth, date of birth, religion, activities, geographical indicators, or educational data
Asset information, such as a MAC address or , as well as other static identifiers that could consistently link a particular person
Device identifiers and serial numbers
Definitions
PII has numerous official definitions, depending on what agency or state law/policy you read, but in general, it is defined as any information that can be used to identify an individual directly or indirectly, such as a name, email address, Social Security Number, or .
SPII is generally defined as any PII that, if lost, stolen, or disclosed without authorization, could result in significant harm to an individual.
PHI is a specific type of SPII that is collected by a healthcare provider or other covered entity for the provision of healthcare services. This information is protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which requires HIPAA-covered entities and their business associates to implement specific technical and operational safeguards to protect PHI.
Identification
The PII, SPII, and PHI identification charts below were compiled from information gathered from the Department of Homeland Security's Handbook for Safeguarding Sensitive Personally Identifiable Information and the U.S. Department of Health and Human Services.
PII
Email
Home Address
IP Address
Name
Phone Number
Any other information that can uniquely identify someone
SPII
Any PII Combined With the Following
Account passwords
Citizenship or immigration status
Criminal history
Date of Birth (DOB)
Last 4 digits of the SSN
Mother's maiden name
Ethnic or religious affiliation
Medical information
Personal financial information
Sexual orientation
Any other information that, if lost, compromised, or disclosed without authorization, could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual
Stand Alone
Alien registration number
Biometric identifiers
Credit card number
Driver's license or state ID number
Financial account number
Passport number
SSN
PHI
Health Information (physical, electronic, or spoken) + Identifier + collected by a HIPAA-Covered Entity or School or University or Employer or Business Associate of a HIPAA-Covered Entity + in relation to the provision of healthcare or payment for healthcare services.
Identifiers
Account numbers
Biometric identifiers (such as retinal scan or fingerprints)
Certificate/license numbers
Dates, except the year
Device identifiers and serial numbers
Email addresses
Fax numbers
Geographic data
Full face photos and comparable images
Internet protocol addresses
Health plan beneficiary numbers
Medical record numbers
Names
SSN
Telephone numbers
Vehicle identifiers and serial numbers, including license plates
Web URLs
Any unique identifying number or code
Health Information
Allergies
Medications
Family medical history
Health histories
Health records
Lab test results
Medical bills
Past, present, and future health conditions or physical/mental health
Prognosis
Treatment/Rehabilitation plans
X-rays
Any other information about a person's health
HIPAA-Covered Entities
Most health care providers: Doctors, Clinics, Psychologists, Dentists, Chiropractors, Nursing homes, Pharmacies
Health insurance companies
HMOs
Employer-sponsored health plans
Government programs that pay for health care, such as Medicare, Medicaid, and military and veterans' health programs
Clearinghouses: organizations that process nonstandard health information to conform to standards for data content or format, or vice versa, on behalf of other organizations
Business Associates of HIPAA-Covered Entities
Data analysis, storage, and transmission services
Legal and accounting services
Billing and benefit management services
Actuarial and claims processing services
Any other businesses that perform activities that require them to have access to patient health information in order to provide services for or on behalf of health industry entities
Web Open Webforms Disclaimer
Disclaimer: The information to be submitted on this form will be sent via email and stored in the database unencrypted. To protect sensitive information and comply with applicable data security requirements, do not request the following information on this form: Social Security numbers, driver's license numbers, medical information, passport numbers, passwords, or financial information of any kind, including, without limitation, bank account information, routing numbers, or credit card numbers. If you intend to collect sensitive information, please reach out to your account manager to discuss CivicPlus's secure form offerings.
IN ORDER TO MAINTAIN COMPLIANCE WITH DATA SECURITY REQUIREMENTS, CIVICPLUS MAY, AT ANY TIME AND IN ITS SOLE DISCRETION, UNPUBLISH ANY FORM THAT SOLICITS SENSITIVE INFORMATION WITH OR WITHOUT NOTICE TO YOU.