n8n for HealthTech SaaS: 5 Automations That Scale EHR Integrations and Keep PHI Compliant (Free Workflow JSON)

#n8n #healthtech #automation #programming

If your company builds EHR software, telehealth platforms, health insurance SaaS, or FHIR/HL7 integration middleware — this post is for you.

This is not about how a clinic uses n8n. It's about how HealthTech vendors use n8n to run their own internal ops: onboarding health systems, monitoring API integrations, tracking HIPAA compliance deadlines, and keeping their platform engineering teams ahead of PHI sync failures.

The core problem: HealthTech SaaS teams deal with extraordinarily sensitive data (PHI), strict regulatory timelines (HIPAA, ONC 21st Century Cures, HITRUST), and complex HL7/FHIR integration stacks. Every tool that touches that data needs a Business Associate Agreement (BAA). Zapier and Make.com require their own BAA — and route your PHI through their cloud. n8n self-hosted means your PHI never leaves your infrastructure.

Here are 5 production-ready n8n workflows for HealthTech SaaS vendors, with import-ready JSON.

1. EHR/FHIR API Integration Health Monitor

The problem: You have dozens of health system integrations (HL7 ADT feeds, FHIR R4 endpoints, payer eligibility APIs). One silently failing integration means delayed care — and an angry health system calling your CSM.

The workflow:

Schedule Trigger — runs every 5 minutes
Google Sheets — reads your integration endpoint inventory (health system name, endpoint URL, type: FHIR/HL7/REST, SLA tier)
HTTP Request — pings each endpoint, captures status code + response time
Code node — classifies each result: CRITICAL (non-200 or >5s), DEGRADED (200 but >2s), OK (<2s). Deduplicates alerts by storing last_alert_at in workflow static data — no repeat Slack pings for sustained outages
Filter — passes only CRITICAL/DEGRADED results
Slack — posts to #integration-ops with health system name, endpoint type, status, response time, and SLA tier
Postgres — logs to integration_sla_events table (health_system_id, endpoint_type, status, response_time_ms, notified_at)

{
  "name": "EHR/FHIR API Integration Health Monitor",
  "nodes": [
    {"id": "1", "type": "n8n-nodes-base.scheduleTrigger", "parameters": {"rule": {"interval": [{"field": "minutes", "minutesInterval": 5}]}}, "position": [0, 0]},
    {"id": "2", "type": "n8n-nodes-base.googleSheets", "parameters": {"operation": "read", "sheetName": "Integrations"}, "position": [200, 0]},
    {"id": "3", "type": "n8n-nodes-base.httpRequest", "parameters": {"url": "={{$json.endpoint_url}}", "timeout": 8000}, "position": [400, 0]},
    {"id": "4", "type": "n8n-nodes-base.code", "parameters": {"jsCode": "const items = $input.all();\nconst staticData = $getWorkflowStaticData('global');\nif (!staticData.lastAlert) staticData.lastAlert = {};\nconst now = Date.now();\nreturn items.map(item => {\n  const status = item.json.statusCode === 200 ? (item.json.responseTime > 2000 ? 'DEGRADED' : 'OK') : 'CRITICAL';\n  const key = item.json.endpoint_url;\n  const lastAlerted = staticData.lastAlert[key] || 0;\n  const shouldAlert = status !== 'OK' && (now - lastAlerted > 900000);\n  if (shouldAlert) staticData.lastAlert[key] = now;\n  return { json: { ...item.json, status, shouldAlert } };\n})"}, "position": [600, 0]},
    {"id": "5", "type": "n8n-nodes-base.filter", "parameters": {"conditions": {"boolean": [{"value1": "={{$json.shouldAlert}}", "value2": true}]}}, "position": [800, 0]},
    {"id": "6", "type": "n8n-nodes-base.slack", "parameters": {"channel": "#integration-ops", "text": "={{$json.status}} | {{$json.health_system_name}} | {{$json.endpoint_type}} | {{$json.response_time_ms}}ms"}, "position": [1000, 0]},
    {"id": "7", "type": "n8n-nodes-base.postgres", "parameters": {"operation": "insert", "table": "integration_sla_events"}, "position": [1000, 200]}
  ]
}

2. New Health System Client Onboarding Drip

The problem: Onboarding a new health system is a multi-week technical project. Without structured follow-ups, integration milestones slip, go-live delays, and your CSM team chases every thread manually.

The workflow:

Google Sheets Trigger — fires when a new row is added to your CRM/onboarding sheet (or use a webhook from Salesforce/HubSpot)
Day 0 — Gmail sends API credentials, FHIR endpoint docs, implementation guide, and sandbox access
Slack — DMs the assigned CSM with the account name and go-live target date
Wait 3 days → Gmail Day 3 check-in: 'How is the integration setup going? Need help with HL7 ADT mapping?'
Wait 4 days → Gmail Day 7: First data sync milestone checklist — verify ADT feed live, test FHIR queries, confirm sandbox round-trips
Google Sheets — marks onboarding_complete = true + logs timestamps for each milestone

{
  "name": "Health System Onboarding Drip",
  "nodes": [
    {"id": "1", "type": "n8n-nodes-base.googleSheetsTrigger", "parameters": {"sheetName": "New Clients", "event": "rowAdded"}, "position": [0, 0]},
    {"id": "2", "type": "n8n-nodes-base.gmail", "parameters": {"to": "={{$json.it_contact_email}}", "subject": "Welcome to {{$json.platform_name}} — Your API Credentials & Setup Guide", "message": "Hi {{$json.contact_name}},\n\nWelcome aboard! Your FHIR R4 sandbox endpoint and API keys are attached..."}, "position": [200, 0]},
    {"id": "3", "type": "n8n-nodes-base.slack", "parameters": {"channel": "={{$json.csm_slack_id}}", "text": "New onboarding: {{$json.health_system_name}} — go-live target {{$json.golive_date}}"}, "position": [400, 0]},
    {"id": "4", "type": "n8n-nodes-base.wait", "parameters": {"amount": 3, "unit": "days"}, "position": [600, 0]},
    {"id": "5", "type": "n8n-nodes-base.gmail", "parameters": {"to": "={{$json.it_contact_email}}", "subject": "Day 3 Check-In — Integration Status"}, "position": [800, 0]},
    {"id": "6", "type": "n8n-nodes-base.wait", "parameters": {"amount": 4, "unit": "days"}, "position": [1000, 0]},
    {"id": "7", "type": "n8n-nodes-base.gmail", "parameters": {"to": "={{$json.it_contact_email}}", "subject": "Day 7 Milestone Checklist — First Data Sync"}, "position": [1200, 0]},
    {"id": "8", "type": "n8n-nodes-base.googleSheets", "parameters": {"operation": "update", "sheetName": "New Clients", "data": {"onboarding_complete": true}}, "position": [1400, 0]}
  ]
}

3. HIPAA & Regulatory Compliance Deadline Tracker

The problem: HealthTech SaaS vendors face a cascade of regulatory deadlines — HIPAA risk assessments, ONC 21st Century Cures information blocking attestations, SOC 2 evidence collection windows, HITRUST renewal timelines, HL7 FHIR R4 certification renewals. Missing one is a breach notification, a fine, or a lost enterprise contract.

The workflow:

Schedule Trigger — weekdays at 8 AM
Google Sheets — reads compliance deadline tracker (regulation, description, deadline date, owner email, owner Slack ID)
Code node — calculates days_until_deadline, assigns urgency tier: OVERDUE (< 0), CRITICAL (≤ 7 days), URGENT (≤ 21 days), WARNING (≤ 60 days), NOTICE (≤ 90 days). Skips items > 90 days
Filter — passes only OVERDUE through NOTICE
Switch — routes OVERDUE/CRITICAL to #regulatory-ops Slack + Gmail, WARNING/NOTICE to #compliance-calendar Slack only
Gmail — sends regulation-specific action item email to the compliance owner (e.g., HIPAA §164.308: schedule risk assessment vendor; ONC information blocking: prepare attestation for CMS portal; SOC 2: pull access log evidence for auditor)

{
  "name": "HIPAA & Regulatory Compliance Deadline Tracker",
  "nodes": [
    {"id": "1", "type": "n8n-nodes-base.scheduleTrigger", "parameters": {"rule": {"interval": [{"field": "cronExpression", "expression": "0 8 * * 1-5"}]}}, "position": [0, 0]},
    {"id": "2", "type": "n8n-nodes-base.googleSheets", "parameters": {"operation": "read", "sheetName": "Compliance Deadlines"}, "position": [200, 0]},
    {"id": "3", "type": "n8n-nodes-base.code", "parameters": {"jsCode": "return $input.all().map(item => {\n  const daysLeft = Math.floor((new Date(item.json.deadline_date) - new Date()) / 86400000);\n  let urgency;\n  if (daysLeft < 0) urgency = 'OVERDUE';\n  else if (daysLeft <= 7) urgency = 'CRITICAL';\n  else if (daysLeft <= 21) urgency = 'URGENT';\n  else if (daysLeft <= 60) urgency = 'WARNING';\n  else if (daysLeft <= 90) urgency = 'NOTICE';\n  else return null;\n  return { json: { ...item.json, daysLeft, urgency } };\n}).filter(Boolean)"}, "position": [400, 0]},
    {"id": "4", "type": "n8n-nodes-base.switch", "parameters": {"rules": {"rules": [{"value2": "OVERDUE"}, {"value2": "CRITICAL"}, {"value2": "URGENT"}]}}, "position": [600, 0]},
    {"id": "5", "type": "n8n-nodes-base.slack", "parameters": {"channel": "#regulatory-ops", "text": "={{$json.urgency}} | {{$json.regulation}} | Due: {{$json.deadline_date}} ({{$json.daysLeft}}d) | Owner: {{$json.owner_name}}"}, "position": [800, -100]},
    {"id": "6", "type": "n8n-nodes-base.gmail", "parameters": {"to": "={{$json.owner_email}}", "subject": "[{{$json.urgency}}] {{$json.regulation}} deadline in {{$json.daysLeft}} days"}, "position": [800, 100]},
    {"id": "7", "type": "n8n-nodes-base.slack", "parameters": {"channel": "#compliance-calendar", "text": "={{$json.urgency}} | {{$json.regulation}} | {{$json.daysLeft}} days"}, "position": [1000, 0]}
  ]
}

Regulations to track:

HIPAA §164.308 — Annual security risk assessment
ONC 21st Century Cures — Information blocking attestation (CMS portal)
SOC 2 Type II — Evidence collection window open/close dates
HITRUST CSF — Certification renewal date
HL7 FHIR R4 — ONC certification renewal
State-level health data privacy laws (CMIA in CA, etc.)

4. PHI Data Sync Failure Alert & Auto-Escalation

The problem: A failed PHI sync isn't just an ops issue — it may mean a patient's medication list didn't update in the EHR, or a prior authorization didn't reach the payer. These failures require immediate triage, not a morning Slack digest.

The workflow:

Webhook — receives sync.failed or sync.stalled events from your integration engine
Code node — classifies by integration type: HL7_ADT (patient movements — CRITICAL), FHIR_PATIENT (demographics), CLAIMS_837 (billing), ELIGIBILITY_270 (insurance check). Marks patient-safety-relevant failures as CRITICAL
Slack — posts to #data-ops with sync type, health system, failure reason, patient count affected
Postgres — logs to phi_sync_failures (health_system_id, sync_type, error_code, patient_count, severity, detected_at)
Wait 15 minutes — re-check window
HTTP Request — polls sync status endpoint
IF — if still failing after 15 min: Slack #platform-critical (escalation channel) + Gmail to health system IT contact

{
  "name": "PHI Data Sync Failure Alert",
  "nodes": [
    {"id": "1", "type": "n8n-nodes-base.webhook", "parameters": {"path": "phi-sync-failure", "method": "POST"}, "position": [0, 0]},
    {"id": "2", "type": "n8n-nodes-base.code", "parameters": {"jsCode": "const ev = $input.first().json;\nconst patientSafety = ['HL7_ADT', 'MEDICATION_SYNC'].includes(ev.sync_type);\nreturn [{ json: { ...ev, severity: patientSafety ? 'CRITICAL' : 'HIGH', patient_safety_relevant: patientSafety } }]"}, "position": [200, 0]},
    {"id": "3", "type": "n8n-nodes-base.slack", "parameters": {"channel": "#data-ops", "text": "SYNC FAILURE | {{$json.sync_type}} | {{$json.health_system_name}} | {{$json.patient_count}} patients | {{$json.error_code}}"}, "position": [400, 0]},
    {"id": "4", "type": "n8n-nodes-base.postgres", "parameters": {"operation": "insert", "table": "phi_sync_failures"}, "position": [400, 200]},
    {"id": "5", "type": "n8n-nodes-base.wait", "parameters": {"amount": 15, "unit": "minutes"}, "position": [600, 0]},
    {"id": "6", "type": "n8n-nodes-base.httpRequest", "parameters": {"url": "={{$env.INTEGRATION_API}}/sync/{{$json.sync_id}}/status"}, "position": [800, 0]},
    {"id": "7", "type": "n8n-nodes-base.if", "parameters": {"conditions": {"string": [{"value1": "={{$json.status}}", "value2": "failed"}]}}, "position": [1000, 0]},
    {"id": "8", "type": "n8n-nodes-base.slack", "parameters": {"channel": "#platform-critical", "text": "UNRESOLVED after 15min | {{$json.sync_type}} | {{$json.health_system_name}} — page on-call"}, "position": [1200, -100]},
    {"id": "9", "type": "n8n-nodes-base.gmail", "parameters": {"to": "={{$json.it_contact_email}}", "subject": "[ACTION REQUIRED] Data sync issue detected for your integration"}, "position": [1200, 100]}
  ]
}

5. Weekly HealthTech Platform KPI Dashboard

The problem: Your VP Engineering, CTO, and CSM team need a weekly pulse on platform health — but pulling the numbers manually from Postgres each Monday morning is a 45-minute tax on your best engineer.

The workflow:

Schedule Trigger — Monday at 8 AM
Postgres — queries: active health systems, total API calls (7d), failed syncs (7d), avg response latency (ms), MRR, new health systems onboarded this week
Code node — computes WoW % changes using $getWorkflowStaticData('global') to store last week's values. Builds HTML email table with color coding (red = worse, green = better)
Gmail — sends HTML report to engineering leadership + CSM team (BCC)
Slack — one-liner to #management: 'Weekly: 47 health systems | 2.1M API calls | 99.3% sync success | $182k MRR (+3.1% WoW)'

{
  "name": "Weekly HealthTech Platform KPI Dashboard",
  "nodes": [
    {"id": "1", "type": "n8n-nodes-base.scheduleTrigger", "parameters": {"rule": {"interval": [{"field": "cronExpression", "expression": "0 8 * * 1"}]}}, "position": [0, 0]},
    {"id": "2", "type": "n8n-nodes-base.postgres", "parameters": {"operation": "executeQuery", "query": "SELECT COUNT(DISTINCT health_system_id) as active_systems, SUM(api_calls_7d) as total_calls, SUM(failed_syncs_7d) as failed_syncs, AVG(avg_latency_ms) as avg_latency, SUM(mrr_cents)/100 as mrr FROM platform_metrics WHERE date = CURRENT_DATE"}, "position": [200, 0]},
    {"id": "3", "type": "n8n-nodes-base.code", "parameters": {"jsCode": "const data = $input.first().json;\nconst staticData = $getWorkflowStaticData('global');\nconst prev = staticData.lastWeek || {};\nconst wow = (curr, last) => last ? ((curr - last) / last * 100).toFixed(1) + '%' : 'N/A';\nconst report = {\n  active_systems: data.active_systems,\n  total_calls: data.total_calls,\n  failed_syncs: data.failed_syncs,\n  sync_success_rate: ((1 - data.failed_syncs / data.total_calls) * 100).toFixed(2) + '%',\n  avg_latency: data.avg_latency + 'ms',\n  mrr: '$' + data.mrr,\n  mrr_wow: wow(data.mrr, prev.mrr)\n};\nstaticData.lastWeek = { ...data };\nreturn [{ json: report }]"}, "position": [400, 0]},
    {"id": "4", "type": "n8n-nodes-base.gmail", "parameters": {"to": "engineering@company.com", "subject": "Weekly HealthTech Platform Report", "message": "<h2>Weekly Platform KPIs</h2><table><tr><th>Metric</th><th>Value</th></tr><tr><td>Active Health Systems</td><td>{{$json.active_systems}}</td></tr><tr><td>API Calls (7d)</td><td>{{$json.total_calls}}</td></tr><tr><td>Sync Success Rate</td><td>{{$json.sync_success_rate}}</td></tr><tr><td>Avg Latency</td><td>{{$json.avg_latency}}</td></tr><tr><td>MRR</td><td>{{$json.mrr}} ({{$json.mrr_wow}} WoW)</td></tr></table>"}, "position": [600, 0]},
    {"id": "5", "type": "n8n-nodes-base.slack", "parameters": {"channel": "#management", "text": "Weekly: {{$json.active_systems}} health systems | {{$json.total_calls}} API calls | {{$json.sync_success_rate}} sync success | {{$json.mrr}} MRR ({{$json.mrr_wow}} WoW)"}, "position": [800, 0]}
  ]
}

Why HealthTech SaaS teams choose self-hosted n8n

	n8n (self-hosted)	Zapier	Make.com
PHI routing	Stays in your infra	Routes through Zapier cloud	Routes through Make cloud
BAA required	Your infra only	Yes — additional vendor BAA	Yes — additional vendor BAA
Cost at 100k tasks/mo	~$20/mo VPS	$599/mo	$299/mo
Audit trail	Git-versioned JSON	Zapier UI only	Make UI only
HIPAA §164.312	Meets technical safeguards	Shared responsibility	Shared responsibility
HITRUST CSF	Documentable controls	Black box	Black box
Custom HL7/FHIR parsing	Full code node	Limited	Limited
On-prem deployment	Yes	No	No

Get these workflows ready-made

All 5 workflows above (plus 9 more for HealthTech ops) are in the FlowKit n8n Template Pack at stripeai.gumroad.com — import-ready JSON, no setup from scratch.

If you're building on top of n8n for your own HealthTech product, these same patterns work for:

Patient notification systems
Payer eligibility verification pipelines
Prior authorization automation
Clinical trial data collection
Population health alert systems

The HIPAA angle alone is worth the conversation: self-hosted n8n eliminates one entire BAA vendor from your compliance stack, which your security team will notice immediately.

FlowKit builds n8n automation templates for technical teams. Browse the full library at stripeai.gumroad.com.