phi traceability for fast-moving healthtech teams


Phitrace traces Protected Health Information through your codebase, from where it enters to where it exits. You see every flow with an assessment already attached, review and adjust where needed, fix the leaks before they ship, and generate audit-ready evidence.

Trace

Every PHI flow in your codebase, from entry to exit.

sources
  • form fields
  • api requests
  • database reads
  • upstream services
transforms
  • redact
  • hash
  • date-shift
  • drop
exits
  • third-party apis
  • browsers
  • logs
  • databases

Curate

Review the calls in the portal. Edit when your judgment matters.

§ finding #03
patient.email
→ logger.info()
☑ reviewed

Fix

Engineers fix the leaks before they ship.

§ patch · 3a7c4e2
− logger.info(email)
+ logger.info(mask(email))
leak resolved

Ship

Generate audit-ready evidence for any reader.

§ bundle
flows: 47
reviewed: 47/47
leaks: 0
evidence bundle

why now

AI ships fast. Investors ask sooner. Regulators catch up.

Healthtech codebases move faster than they used to. AI assistants and contributors generate code that goes live before anyone can read it line by line. The pressure to demonstrate compliance is rising at the same rate, and diligence teams, enterprise customers, and regulators are converging on the same code-path question.

The 2024 HIPAA Security Rule NPRM lifts the regulatory baseline further. Finalisation is expected in 2026, with technology asset inventories and ePHI flow maps among the new mandates. All three pressures point the same direction.

Most teams already run DSPM, DLP and generic SAST tools, and those cover real ground. They are not designed to answer the specific code-path question: where does a variable named patient.email flow, and where does it exit? That is the gap Phitrace fills.

recent enforcement, primary sources

  • $47.5M: Kaiser Permanente. Tracking scripts transmitting PHI to Google, Microsoft, Meta and X. 13.4M members. Preliminary approval Dec 2025.
  • $12.25M: Advocate Aurora. Meta Pixel on the patient portal. 2.5M+ members.
  • $225K: Deer Oaks. OCR attributed the violation to “a coding error in a since discontinued pilot online patient portal” that exposed discharge summaries for roughly 18 months.

Aggregate industry exposure 2023 to 2025: over $100M in tracking pixel settlements alone.

These are the public bills. The quieter ones come earlier: a diligence team probing ePHI flows mid-round, an enterprise customer pausing a BAA renewal until you can show your work.

use phitrace when
  • 01 shipping an AI-coded MVP into production (pre-launch)
  • 02 merging code your team didn't all write line by line (pre-merge)
  • 03 going through technical diligence before a funding round (diligence)
  • 04 facing diligence questions from an acquirer (diligence)
  • 05 answering an enterprise security questionnaire (sales)
  • 06 inheriting a healthtech codebase (handoff)
  • 07 preparing for an OCR audit (audit)

what we look for

Where data enters. How it's transformed. Where it exits.

Three questions per flow. One call.

1 · entry

Where PHI enters your code.

Form fields, API requests, database reads, upstream services. Each entry is classified against HIPAA's safe-harbor categories under §164.514(b), so determinations are grounded in the regulation rather than in interpretation.

2 · transforms

Every change applied along the way.

Date shifts, redactions, hashing, drop on export, project-local helpers. Phitrace recognises each transform on the path. A flow that gets safely scrubbed is labelled clean rather than flagged.

3 · exit

How the code path actually leaves.

Logs, third-party APIs, browsers, databases, file writes. Each exit is logged alongside how it's reached: behind authentication, or open to the internet. That distinction is part of the call, not a footnote.

→ one call per flow, ready for review
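The three questions above as a minimal flow evaluator, an added example that is not Phitrace's own code: every flow record, step name and the review map is constructed, and the third sample flow shows the edge case where a transform is applied only after the exit, which does not protect that exit.

```javascript
// Added example, not Phitrace's own code: a minimal model of the entry ->
// transforms -> exit call described above. All records are constructed.

// Transforms the page lists as scrubbing PHI before it leaves.
const SCRUBBING = new Set(["redact", "hash", "date-shift", "drop"]);
// Exit kinds the page lists; each is reached behind auth or open.
const EXITS = new Set(["third-party-api", "browser", "log", "database", "file"]);
// One flow = one PHI source plus ordered steps. Each exit step gets its own
// call, and only transforms applied *before* that exit count as protecting it.
function assessFlow(flow) {
  const calls = [];
  let scrubbed = false;
  for (const step of flow.steps) {
    if (step.kind === "transform") {
      scrubbed = scrubbed || SCRUBBING.has(step.name);
      if (step.name === "drop") break; // nothing flows past a drop
    } else if (step.kind === "exit") {
      if (!EXITS.has(step.to)) throw new Error(`unknown exit kind: ${step.to}`);
      calls.push({
        key: `${flow.source}->${step.name}`,
        exposure: step.authenticated ? "behind auth" : "open",
        verdict: scrubbed ? "clean" : "leak",
      });
    }
  }
  return calls;
}

// Bundle totals in the shape of the "ship" panel. `reviews` maps a call key
// to the reviewer's verdict, which overrules the automatic one.
function summarize(flows, reviews) {
  const calls = flows.flatMap(assessFlow);
  const leaks = calls.filter(c => (reviews.get(c.key) ?? c.verdict) === "leak");
  return { flows: calls.length, reviewed: calls.filter(c => reviews.has(c.key)).length, leaks: leaks.length };
}

// Constructed sample: finding #03 from the page plus two more flows.
const SAMPLE_FLOWS = [
  { source: "patient.email", steps: [
      { kind: "exit", name: "logger.info", to: "log", authenticated: false }] },
  { source: "patient.email", steps: [
      { kind: "transform", name: "hash" },
      { kind: "exit", name: "analytics.track", to: "third-party-api", authenticated: false }] },
  { source: "patient.dob", steps: [
      { kind: "exit", name: "res.json", to: "browser", authenticated: true },
      { kind: "transform", name: "date-shift" }] }, // shifted after the exit: too late
];
// Reviewer confirmed finding #03 as a leak; the other two are still unreviewed.
const SAMPLE_REVIEWS = new Map([["patient.email->logger.info", "leak"]]);
```

Running `summarize(SAMPLE_FLOWS, SAMPLE_REVIEWS)` gives 3 flows, 1 reviewed and 2 leaks: the unscrubbed log write and the date-of-birth response shifted only after it reached the browser.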

how a scan becomes evidence

From your repo to your evidence trail, in three stages.

One product, three stages — and an audit trail that compounds.

01 · scan

Read what's in your code.

The scanner runs wherever your CI/CD already does — a developer's machine, your own runners, or our hosted environment. Either way, your source code stays where it is. Only the structural metadata Phitrace needs ever leaves the repo.

02 · review

Curate the calls in the portal.

Findings land in the portal with a call already attached. Your team reviews, edits where Phitrace got it wrong, and signs off. Every action carries a reviewer and a timestamp.

03 · ship

Hand off the evidence.

When your team is ready, the curated trail is sealed into an evidence bundle. PDF and structured data, with reviewer history intact. You hand it over.

how phitrace reads your code

Deterministic where it should be. AI-assisted where it matters.

Deterministic code analysis

Deterministic analysis maps the concrete structure of the codebase: where data enters, how it moves, what it touches, and where it exits. That keeps the trace reproducible and grounded in real code paths.

AI judgment

AI helps with the parts that require context: recognizing likely PHI, understanding project-specific helpers, interpreting framework patterns, and separating meaningful risk from noise.

Together, they give your team a traceable starting point: clear enough to review, practical enough to use, and structured enough to become evidence.

your edits stick

Phitrace decides. You overrule. It remembers.

Every flow lands in the portal with a call already attached. Your team's job is to review, override as needed, and sign off — once. The next scan picks up where you left off, so you never re-enter the same decision.

  • Phitrace's calls are the starting point. Adjust, override, or leave them as proposed.
  • Mark a finding as not PHI when it isn't. Mark an exit as auth-protected when the call wasn't clear. Your edits persist.
  • Suppress a false positive once. It stays suppressed until you revisit it.
  • Edits live alongside your git branches, so each branch sees its own state.
  • Re-scans pick up where you left off.

evidence on demand

One artifact, every reviewer.

Phitrace packages curated assessments into a sealed evidence bundle. PDF and structured data, cited under §164.514(b), with the reviewer trail intact. You stay in control of what goes in, when it's sealed, and who sees it.

Investor diligence team.

Mid-round technical diligence, ePHI flow questions, BAA assertions. Hand them the bundle.

Enterprise security review.

BAA defence, security questionnaires, code-path attestations. Hand them the bundle.

HHS auditor.

OCR investigation, §164.514(b) citations, reviewer + timestamp trail. Hand them the bundle.

who it's for

Built so the engineer and the leader on the hook can both work from the same record.

developers
  • Each finding shows what the data is, where it came from, and where it is going.
  • AI-generated code is read like any other code. Traced, classified, verified. No special pleading because an agent wrote it.
  • Phitrace's calls are editable. Override a false positive, mark an exit as auth-protected, suppress noise. Edits persist across scans.
  • Run a scan locally, or pick up the latest hosted scan in the web UI.
  • Branch-aware. Calls on a feature branch reflect that branch, not main.
  • Ambiguity is surfaced rather than guessed. You make the call when it matters.

founders, CTOs, CISOs
  • Code health visible without another meeting. A dashboard, not a Slack thread.
  • Reviewer identity and timestamp on every action. Diligence reviewers, security teams, and HHS investigators all look for the same kind of trail.
  • Evidence pack assembled and ready when the diligence team or auditor calls, and refreshed every time the team ships.
  • BAA defence, enterprise security questionnaires, and pre-investment due diligence answered from one source.

join the beta

Phitrace is opening to early users soon.

If you write or own healthtech code, especially anything generated or scaffolded by AI tools, we'd love to put Phitrace in front of you. Participation is free. We ask for honest feedback in return.

Drop your email and we'll be in touch when access opens.

we read TypeScript and JavaScript today. PHP, Java, and Python next.

no marketing list, no resale. one human reads each request.