Defines systems of record and downstream consumers; visualizes PHI movement and identifies uncontrolled “shadow” flows.
Benefits
- Clarity on PHI locations
- Risk spotlighting
- Fewer orphaned feeds
Capabilities
- Registry of PHI systems
- Flow diagrams
- Owner & contract linkage
Why it matters: You can’t protect what you can’t see. A defensible HIPAA program starts with a living inventory of PHI systems and the flows between them, distinguishing sources of truth from downstream copies, finding shadow integrations, and drawing the trust boundaries that govern who can see what.
Architecture & Standards
- System registry: authoritative list of PHI systems (EMR, data marts, analytics, HIE, vendor apps) with owners and contracts.
- Flow modeling: capture sources, transport (HL7v2, FHIR, SFTP, file drop), frequency, encryption, and receiving systems.
- Trust boundaries: tag flows and stores as trusted core vs. non-core with handling rules (masking, delay, sampling).
- Lineage: end-to-end data lineage from acquisition → transformation → publication → access.
Governance & Compliance
- Map flows to Minimum Necessary policy; flag excess attributes and unmanaged extracts.
- Attach legal artifacts (BAAs, DPAs) and renewal dates to each vendor/system.
- Record encryption at rest/in transit and key custodians for each store.
Roles & Value
- Security & Compliance: visibility to PHI locations and shadow feeds; faster risk assessments.
- Architecture & Data: lineage for impact analysis; rationalize redundant pipelines.
- Executive: single, reportable view of PHI surface area and change deltas.
Capabilities
- Guided onboarding for new systems and integrations with required metadata.
- Change detection and owner approval workflow for new or modified flows.
- Exportable diagrams and evidence packets for auditors and counsel.


