Patient Protect

Free tool

Map how patient data moves through your practice.

Drag entities onto the canvas, draw connections between them, and the mapper automatically scores each data flow for HIPAA compliance risk. Missing BAAs, unencrypted transports, and non-compliant vendors surface instantly.

Free · No login required · Data stays in your browser · Export SVG & JSON

16 entity types: Patient, EHR, Cloud, Telehealth, Vendors, and more

5 risk levels: Minimal → Severe, auto-calculated per connection

4 templates: Basic PHI, Telehealth, Cloud Migration, Full Practice

11 transport methods: Encrypted API, VPN, SFTP, fax, USB, and more

Every unmonitored flow you just mapped is a violation waiting to happen.

How it works

Five minutes to a complete PHI flow diagram.

01 Add entities

Click any entity type in the sidebar — EHR, cloud storage, telehealth, billing vendors, or create your own.

02 Draw connections

Activate the Connect tool and drag from one node’s dot to another. Each connection represents a PHI data flow.

03 Review risk scores

Risk badges appear on every connection. Click one to set transport method, PHI data types, and see the detailed risk breakdown.

04 Export your map

Download as SVG for compliance documentation or JSON to reload later. Your work autosaves to the browser.

Why map data flows

HIPAA requires you to know where patient data goes. Most practices cannot answer that question.

The HIPAA Security Rule (45 CFR 164.312) requires covered entities to implement technical safeguards for all electronic protected health information. You cannot safeguard what you have not mapped. Every vendor that touches PHI without a signed BAA is a violation waiting to happen. Every unencrypted email carrying patient records is an open breach vector.

The ePHI Data Flow Mapper gives independent practices the same visibility that hospital systems pay five figures to maintain. Add your EHR, your cloud storage, your billing service, your telehealth platform — and see exactly which connections are secured and which are exposed.

Add a Patient Protect node to see how risk scores drop when PHI flows through a compliant security layer. This is not a sales trick — it is a direct illustration of what active breach prevention does to your compliance standing.

Ready to fix the gaps — not just see them?

The mapper shows you where patient data is exposed. Patient Protect closes the gaps with continuous monitoring, automated BAA tracking, and active breach prevention.