PHI traceability for fast-moving healthtech teams

Trace PHI · Curate assessments · Fix leaks · Ship evidence

Phitrace traces Protected Health Information through your codebase: where it enters, how it moves, and where it exits. Your team reviews the assessment, fixes unsafe paths before they ship, and generates evidence when diligence, security, or compliance teams ask.

Trace

Every PHI flow in your codebase, from entry to exit.

sources +
  • form fields
  • api requests
  • database reads
  • upstream services
transforms +
  • redact
  • hash
  • date-shift
  • drop
exits +
  • third-party apis
  • browsers
  • logs
  • databases

Curate

Every flow arrives with an assessment. Review, edit, sign off.

§ finding #03
patient.email
→ logger.info()
☑ reviewed

Fix

Engineers fix the leaks before they ship.

§ patch · 3a7c4e2
− logger.info(email)
+ logger.info(mask(email))
leak resolved

Ship

Generate audit-ready evidence for any reader.

§ bundle
flows 47
reviewed 47/47
leaks 0
evidence bundle

why now

AI ships fast. Buyers ask for proof. Regulators are raising the bar.

Healthtech teams are shipping more code, from more contributors, with more AI assistance. That makes it harder to know where PHI enters, how it moves, and where it exits. At the same time, diligence teams, enterprise customers, and compliance reviewers increasingly ask for proof that those flows are understood and controlled.

The proposed HIPAA Security Rule update points in the same direction: stronger expectations around asset inventories, ePHI movement, and documented risk analysis. Whether the pressure comes from regulation, customers, or diligence, the question is becoming the same: can you show where PHI goes?

Most teams already run DSPM, DLP, and SAST tools. Those cover real ground, but they are not built to answer one code-path question end to end: where did this PHI come from, what touched it, and where did it leave? That is the gap Phitrace fills.

public enforcement patterns

  • $47.5M · Kaiser Permanente. Tracking scripts transmitting PHI to Google, Microsoft, Meta and X. 13.4M members. Preliminary approval Dec 2025.
  • $12.25M · Advocate Aurora. Meta Pixel on the patient portal. 2.5M+ members.
  • $225K · Deer Oaks. OCR attributed the violation to “a coding error in a since discontinued pilot online patient portal” that exposed discharge summaries for roughly 18 months.

aggregate industry exposure 2023 to 2025: over $100M in tracking pixel settlements alone.

The public bills are only one version of the problem. The quieter version happens earlier: a diligence team probing ePHI flows mid-round, or an enterprise customer pausing a review until you can show your work.

use phitrace when code-path proof matters
  • 01 · shipping AI-assisted healthtech code into production (pre-launch)
  • 02 · merging generated, contractor, or inherited code (pre-merge)
  • 03 · going through technical diligence before a funding round (diligence)
  • 04 · facing diligence questions from an acquirer (diligence)
  • 05 · answering an enterprise security questionnaire (sales)
  • 06 · inheriting a healthtech codebase (handoff)
  • 07 · responding to an OCR inquiry or audit (audit)

what we look for

Where PHI enters. What happens to it. Where it exits.

Three checks per flow, frontend and backend. One reviewable assessment.

1 · entry

Where PHI enters your code.

Form fields, API requests, database reads, upstream services. Phitrace identifies likely PHI at the point it enters the code path and grounds the assessment in HIPAA de-identification categories, not a generic security label.

2 · transforms

Every change applied along the way.

Date shifts, redactions, hashing, field drops, export filters, and project-local helpers. Phitrace follows the transformation before judging the flow, so safely scrubbed data does not create unnecessary noise.

3 · exit

How the code path actually leaves.

Logs, third-party APIs, browsers, databases, file writes. Phitrace shows where the data leaves and whether the path appears protected, exposed, or unclear.

→ one assessment per flow, client to server, ready for review

how scans become evidence

From your repo to your evidence trail, in three stages.

One workflow, three stages, with a review trail that compounds over time.

01 · scan

Read what's in your code.

The scanner runs where your team already works: a developer machine, your CI runners, or our hosted environment. Your source code stays where it is. Phitrace only sends the structural metadata needed to build the review trail.

02 · review

Curate the assessments in the portal.

Findings land in the portal with an assessment already attached. Your team reviews, edits, suppresses, or signs off. Every action carries a reviewer and timestamp.

03 · ship

Hand off the evidence.

When your team is ready, the curated trail becomes an evidence bundle: PDF and structured data, with reviewer history intact.

how phitrace reads your code

Deterministic where it should be. AI-assisted where it matters.

Phitrace combines deterministic code analysis with AI judgment.

Deterministic code analysis

Deterministic analysis maps the structure of the codebase: where data enters, how it moves, what it touches, and where it exits.

AI judgment

AI helps with the parts that require context: recognizing likely PHI, understanding project-specific helpers, interpreting framework patterns, and separating meaningful risk from noise.

Together, they give your team a traceable starting point: reproducible enough to trust, flexible enough to handle real code, and structured enough to become evidence.

review once, carry the decision forward

Phitrace proposes. Your team reviews. The decision sticks.

Every flow lands in the portal with an assessment already attached. Your team reviews, overrides where needed, and signs off once. Future scans pick up from those decisions, so the same judgment does not need to be repeated.

  • Mark a value as not PHI. Mark an exit as protected. Correct an unclear transformation. Your edits persist.
  • Suppress a false positive once. It stays suppressed until the code path changes or your team revisits it.
  • Edits are branch-aware, so feature branches and main do not collapse into the same review state.

evidence when someone asks

One record for diligence, security, and audit.

Phitrace packages reviewed assessments into an evidence bundle: PDF and structured data, with the reviewer trail intact. You control what goes in, when it is sealed, and who sees it.

Investor diligence.

Answer ePHI flow questions with a reviewed record, not a fresh Slack thread.

Enterprise security review.

Support BAA conversations, questionnaires, and code-path attestations from the same source.

Regulatory review.

Show the relevant flows, assessments, reviewers, and timestamps from one curated trail.

who it's for

Built so engineering and leadership work from the same record.

developers
  • Each finding shows what the data is, where it came from, where it goes, and why Phitrace made the call.
  • AI-generated code is treated like any other code: traced, classified, and reviewed.
  • Developers can override false positives, mark exits as protected, suppress noise, and keep those decisions across scans and branches.

founders, CTOs, CISOs
  • See PHI flow risk without turning every question into a meeting.
  • Track reviewer identity and timestamps on every decision.
  • Keep an evidence pack ready for diligence, enterprise security reviews, BAA conversations, and audit response.

join the beta

Phitrace is opening to early healthtech teams soon.

If you write or own healthtech code that touches PHI, we'd love to put Phitrace in front of you. Early access is free. We ask for honest product feedback in return.

Drop your email and we'll be in touch when access opens.

We read TypeScript and JavaScript today. PHP, Java, and Python are next.

No marketing list. No resale. One human reads each request.