Network · Patient Management

Patient records that audit themselves.

One place for patient records. Role-based access. Every view, edit, export logged automatically. The audit trail builds itself while you do the work.

Start 14-day free trial Or book a demo

Included in Core·Starting at $39/mo

Patient Protect — Patient Management

HIPAA mapping

What this satisfies in the Security Rule.

5 citations, each with the specific Patient Management behavior that satisfies it. The mapping is the receipt — what you can show an auditor without assembling anything new.

§164.502(a)

Uses and disclosures of PHI

Limits PHI use to permitted purposes. Role-scoped access enforces the permission boundaries directly.

§164.502(b)

Minimum necessary

Workforce members see only what their role requires. The record's structure enforces the standard.

§164.524

Access of individuals to PHI

Provides patient access to their PHI. The record supports patient-initiated access requests with audit-trail response.

§164.526

Amendment of PHI

Permits patient amendment requests. Amendment workflow embedded in the record.

§164.528

Accounting of disclosures

Provides accounting upon request. The record's audit trail is the accounting, filterable by date range and disclosure type.

What it does

The patient record where compliance is the architecture.

Patient records distributed across multiple systems — EHR, practice management, paper, scanned PDFs, the office tablet, the front-desk spreadsheet — produce compliance gaps. Some systems audit; some don't. Some are role-scoped; some are open to anyone with login. The compliance picture across the whole patient record is unknowable.

Patient Protect's Patient Management is the compliance-grade patient record. Demographics, consent, communication preferences, intake forms, secure messaging history, referrals — all in one record with consistent access controls and consistent audit logging. The patient record becomes the defensible source of truth for the data that touches HIPAA compliance.

Every interaction with a record produces an audit log entry. Field views, edits, downloads, exports, secure messaging sends, form submissions. The record is its own audit; “who's seen this patient's record in the last 30 days?” returns the list immediately.

How it works

6 mechanisms keep Patient Management working.

Centralized structured records.

One place for the patient data the platform manages. The record is structured — fields are typed, validated, and queryable. Free-text notes are captured but the structured fields enable reliable queries.

Role-scoped access enforcement.

Field-level permissions per role. Office Staff don't see clinical history; Medical Care Staff see clinical fields per their role configuration; PCPs see full scope for their panel. The enforcement is at the record-render time — patients with restricted scope simply don't see the protected fields.

Patient-self access.

The Patient role accesses their own record (read). Patients view their own demographics, consent acknowledgments, intake submissions, communication preferences, and messaging history with the practice. Full clinical record access depends on the practice's policy and the data's clinical context.

Patient amendment requests.

Patients can submit amendment requests through the platform (§164.526). The request workflow notifies the appropriate workforce member (typically Privacy Officer); the response is captured with timestamp and rationale; the audit trail documents the request lifecycle.

Accounting of disclosures support.

The record's audit log answers §164.528 accounting requests. Filter the audit by date range and disclosure type; the result is the accounting. Historically a manual compilation; with this feature it's a query.

Communication preferences.

Per-patient communication preferences (preferred channel, opt-in for SMS, language, accessibility needs). The platform's messaging system reads these preferences automatically — outreach to a patient who's opted out of SMS goes by their preferred channel.

Who this is for

Built for the practices that need it most.

Practices that have records scattered across systems.

Migration is supported. Import demographics from existing practice management systems via CSV. Import consent records from prior intake systems. The platform doesn't replace clinical EHR — it complements with the compliance-relevant record fields that EHRs often handle weakly.

Practices that have responded to access or accounting requests.

If your practice has fielded a §164.524 access request or a §164.528 accounting request, you know the manual compilation cost. The platform's record makes both into queries.

Practices implementing 42 CFR Part 2 controls.

Substance use treatment records require additional access controls beyond standard HIPAA. Part 2-aware mode in the patient record enforces the additional restrictions.

Practices that want auditable patient communication.

Every patient interaction with the practice produces a record entry. Phone notes, secure messages, form submissions, in-office discussions documented in the record. The patient relationship has continuity beyond memory.

Connected to

No module is an island.

Patient Managementworks because it's connected. Every signal feeds another module; every closure becomes evidence somewhere else.

Operations layer

Access Management

Role enforcement on the patient record uses the same eight-role model as the rest of the platform.

Learn more

Network layer

Secure Messaging

Patient messaging cross-references the patient record; messages feed the record's audit.

Learn more

Defense layer

ePHI Audit Logs

Record access events feed the unified audit log.

Learn more

What you get

6outcomes you'll feel in week one.

One place for the patient record.

Demographics, consent, preferences, history — structured and queryable.

Role-scoped access.

Workforce members see what their role permits, nothing more.

Patient-self access.

Patients see their own record per §164.524.

Amendment workflow.

§164.526 amendment requests handled inline.

Accounting of disclosures.

§164.528 accounting answered by query.

Audit by default.

Every interaction logged; “who's seen this record?” is a one-query answer.

FAQ

What people ask first.

6 questions cover most first-time evaluations. See all FAQs →

Does this replace our EHR?

No. The patient record in Patient Protect handles the compliance-relevant fields — demographics, consent, preferences, communication history. It complements clinical EHRs rather than replacing them. Most practices use both.

Can I import existing patient data?

Yes. CSV import is supported for migration. Field mapping during import handles structural differences between source systems. After import, the platform is the system of record for the imported fields.

What about pediatric records?

Pediatric records have specific privacy considerations (parental access, age-of-consent transitions, sensitive service exceptions). The platform supports pediatric-aware mode that handles the relevant controls.

Can patients edit their own demographics?

Configurable. Default is patients can update contact info (address, phone, email) directly with audit logging. Demographic fields like name, DOB, and insurance typically require workforce verification.

How do amendment requests work?

Patient submits the request through their record. The request appears in the Privacy Officer's queue with the patient's stated rationale. The Privacy Officer responds within the §164.526 window (60 days, with possible 30-day extension); the response is captured in the patient's record.

Is this Pro-only?

Centralized records and role-scoped access are Core. Some advanced patient-rights workflows (Part 2 mode, advanced amendment workflows) are Pro-plan features.

Continue exploring

Related features in the platform.

Operations

Access Management

From administrator to patient, every role has defined boundaries enforced at every endpoint. No shared logins. No manual overrides.

Learn more

Network

Secure Messaging

Six-state BAA lifecycle controls messaging access automatically. No manual intervention. No accidental ePHI to a vendor without a BAA. The gate is the architecture.

Learn more

Defense

ePHI Audit Logs

Immutable per-session, per-tab audit trail. OCR-ready by default. No assembly required when the auditor calls.

Learn more

Next step

The patient record that audits itself.

Most practices migrate demographic and consent data inside a weekend. The audit trail builds itself from there.

Start 14-day free trial →or book a demo

No contracts. No consultants. Starting at $39/mo.