I looked at the files. I'm even more concerned now. 
You attached a PHP file. If I'm understanding this correctly, the user uses the Hype generated web page to load the PHP file. The PHP file then returns data based on the username entered. Is that right?
I didn't see a password for the user. Is user validation that planned for later? Again, be very careful! Hackers are crafty! Also, what counts as PII is a very low bar. Maybe I'm overly cautious these days, but the rules have changed. There's the GDPR and lots of states in the US are getting tougher too.
I don't know for sure, as I'm having trouble getting past the security issues. AHHHH!
But in general, not considering the security issues, you're just getting data from a database and displaying it in Hype. That should be theoretically possible.
It's sorta a combination of these two tutorials...
The PHP creates the JSON, which should be trivial with json_encode()
The Hype project, using jQuery, could then get the data using getJSON
But again, medical data... AHHHH!
Searching the forums might help too...
https://forums.tumult.com/search?q=php%20json
I'm not sure if you'll find an exact match for the solution you're looking for, but this post kinda echos the general idea here.
- User posts to the PHP file from the Hype project...
- PHP generates the JSON...
- jQuery eats up the JSON...
nom nom nom...- Elements in the Hype project are changed based on the retrieved data
That's the general idea... but again... THE PROJECT NEEDS TO BE SECURED TOO! Gotta watch out for SQL Injections and other nasty stuff.
But going back to the beginning. You said... "can someone point me in the right direction" ...does that work for you? 