Can Salesforce encrypt sensitive data like, PII and PHI data?

As companies move more sensitive data to the cloud, they may want additional mechanisms to protect that data. All customer data is encrypted in transit via https, using Transport Layer Security. For customers who want to encrypt data at rest, Salesforce offers customers the ability to seamlessly encrypt sensitive data at rest with just a few clicks. There is no additional hardware or software to manage and customers can encrypt PHI, PII, trade secrets, or other data on a field-by-field basis using point-and-click tools in an afternoon. As Platform Encryption is a native encryption at rest solution in Salesforce, customers can continue to use important application functionality like search, workflow, and validation rules. Customers maintain full control over the keys and key lifecycle, ensuring the privacy and confidentiality of that data to meet both external and internal data compliance needs. Because Platform Encryption is built natively in Salesforce, data can be encrypted throughout the Salesforce ecosystem, including in partner apps built by ISVs on the Salesforce AppExchange.