Skip to main content

PHI Handling

Contains PHI

Most of what flows through the Zentake API is, or can contain, Protected Health Information (PHI). Build your integration accordingly, see Your responsibilities as an integrator below.

What counts as PHI in Zentake

Based on the resources the API exposes:

  • Patient records. Name, date of birth, contact details, address, and (via linked Responses) medical history and insurance data.
  • Response / Packet Response data, the actual answers a patient submits on intake and consent forms, which routinely includes medical history, medications, and insurance details.
  • Message content. SMS/email correspondence tied to a specific patient.
  • PDF Document. Generated documents that compile a patient's form answers.

Any field, export, or webhook payload derived from these should be treated as PHI in your integration, even if an individual field (like a patient_id) doesn't look sensitive on its own.

Where PHI does not apply

The is_anonymous flag on a Patient record indicates the patient was created from an anonymous/public intake link before their identity was confirmed. It is not a de-identification or anonymization feature — records created this way should still be treated as PHI.

Your responsibilities as an integrator

  • Keep X-API-SECRET server-side. It's a bearer credential for your whole team's PHI, see the warning in Authentication.
  • Don't log PHI into third-party tools (error trackers, analytics, general-purpose logs) without your own PHI handling review.
  • Scope what you fetch and store. Pull the fields your integration actually needs rather than mirroring full Patient/Response payloads into systems that weren't built to hold PHI.

How Zentake protects PHI beyond team scoping

  • Field-level encryption. Selected high-sensitivity secrets are encrypted at the application layer, on top of the platform-wide encryption at rest (see Encryption).
  • PHI masking in logging. PHI and PII are redacted before any data is sent to error-tracking and observability tooling, so sensitive values don't leak into logs.
  • Minimum-necessary access. Team-scoped credentials (see Access Controls) limit each integration to only the data belonging to its Team.