
Protecting What Donors Share with PHI Detection

  • Grace Carew
  • 11 hours ago

Introducing PHI Detection for Healthcare Partners


A grateful patient reaches out to your institution. When sharing why they want to give, they mention their diagnosis, their physician, and the treatment that changed their life. It's a deeply human moment, but it is also a data liability.


Human gift officers face this every day. Over time, they develop judgment about what goes into the CRM and what doesn't. They know when to document and when to leave something out. They understand, without being told, that a donor's trust extends well beyond their philanthropic intent.


Autonomous Fundraising must work the same way.


When Care and Philanthropy Overlap


For healthcare donors, care and philanthropy are often inseparable. A grateful patient supporting the cardiac unit isn’t just a donor; they’re a patient. And when they explain why they want to give, they often share details that are protected health information: a diagnosis, a medication, a physician's name, a date of surgery.


The disclosure is meaningful. But that data carries real risk when it enters a system not built to handle it.


This has always been true for human fundraisers. As our work with healthcare partners grew, it became true for us too. We made deliberate choices early on to limit the data a VEO needs from healthcare partners to engage donors effectively. But as VEOs took on more healthcare portfolios, a new challenge emerged: a VEO receives the same kinds of sensitive disclosures as a human gift officer. It was clear that Autonomous Fundraising needed PHI compliance and safety built into every donor conversation.


PHI Detection


When a donor message contains protected health information (a condition, a medication, a physician's name, a date of treatment), our PHI Detection automatically replaces that detail with a clean placeholder before storing it in any system or passing it back to a CRM.


The donor's intent is fully intact. The sensitive data is not.


Instead of a raw disclosure, the team sees something like "my [MEDICAL_CONDITION-DX_NAME]" or "Doctor [PROTECTED_HEALTH_INFORMATION-NAME]." The message is still readable. The gift officer still understands what the donor was trying to say. But PHI doesn't persist in the system.


PHI Detection sample conversation

Two Levels, Because Every Organization is Different


PHI Detection is opt-in and tunable per organization, with two configuration layers.


The first is a screening level:

  • Off skips detection entirely.

  • Clinical catches medical conditions, medications, and treatments only.

  • Full covers everything Clinical catches, plus names, dates, phone numbers, and addresses.


The second is a global on/off switch. 


Once an organization is set to Clinical or Full and that switch is on, redaction fires automatically on every inbound message.
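
The two configuration layers and the redact-before-store ordering can be sketched as follows. This is an added example, not the product's own code: the regex word lists are a constructed stand-in for a real detector, the function names are hypothetical, and only the DX_NAME and NAME placeholders come from the text above.

```python
import re
from enum import IntEnum

class Level(IntEnum):          # screening levels named on the page
    OFF = 0
    CLINICAL = 1
    FULL = 2

# (minimum level, placeholder, pattern). The word lists and patterns are a
# constructed stand-in for a real detector. Only the DX_NAME and NAME
# placeholders appear on the page; the other labels are made up here.
DETECTORS = [
    (Level.CLINICAL, "[MEDICAL_CONDITION-DX_NAME]",
     re.compile(r"\b(?:atrial fibrillation|lymphoma|diabetes)\b", re.I)),
    (Level.CLINICAL, "[MEDICATION]",
     re.compile(r"\b(?:warfarin|metformin)\b", re.I)),
    (Level.FULL, "[PROTECTED_HEALTH_INFORMATION-NAME]",
     re.compile(r"(?:(?<=Dr\. )|(?<=Doctor ))[A-Z][a-z]+")),
    (Level.FULL, "[DATE]", re.compile(r"\b\d{1,2}/\d{1,2}/\d{4}\b")),
    (Level.FULL, "[PHONE]", re.compile(r"\b\d{3}-\d{3}-\d{4}\b")),
]

def redact(message: str, level: Level, enabled: bool) -> str:
    """Apply every detector the organization's level includes."""
    if not enabled or level == Level.OFF:   # both layers must allow screening
        return message
    for min_level, placeholder, pattern in DETECTORS:
        if level >= min_level:              # Full is a superset of Clinical
            message = pattern.sub(placeholder, message)
    return message

def store_inbound(store: list, message: str, level: Level, enabled: bool) -> str:
    """Redact first, then persist: the raw text never reaches the store."""
    clean = redact(message, level, enabled)
    store.append(clean)
    return clean

# Constructed sample message.
SAMPLE = ("My atrial fibrillation was treated by Doctor Patel on 3/14/2024; "
          "I take warfarin. Call me at 555-010-0199.")

if __name__ == "__main__":
    for lvl in Level:
        print(lvl.name, "->", redact(SAMPLE, lvl, enabled=True))
```

At Clinical the physician's name, date, and phone number pass through unchanged, which is the gap an organization accepts when it chooses that level over Full.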


We developed these two levels in close collaboration with our healthcare partners to ensure alignment with each organization’s policies on self-disclosed information.


The Baseline of How We Work with Healthcare Partners


The trust that makes a healthcare advancement program work is the same trust that requires careful handling of what donors share. A donor who discloses a diagnosis is trusting the institution fully. There's no margin for error when sensitive data and donor relationships are in the same room.


PHI Detection is a direct reflection of that responsibility. A VEO still manages donor portfolios, surfaces giving opportunities, and converts unmanaged donors into revenue. But now, when those donors share something deeply personal, that detail doesn't follow them through the system.



If your organization works with healthcare donors and you want to see PHI Detection in practice, schedule a demo.

 
 