HIPAA-Compliant Data Redaction

Achieve Safe Harbor de-identification by automatically detecting and redacting all 18 HIPAA identifiers. Protect PHI with 99.7% accuracy and comprehensive audit trails.


The 18 HIPAA Identifiers

Safe Harbor de-identification requires removal of these 18 specific identifier types. Our system detects and redacts all of them automatically.

1. Names
   All forms of a person's name: full name, last name, first name initials
   Examples: John Smith, J. Smith, Patient Smith

2. Geographic Data
   All geographic subdivisions smaller than state
   Examples: Street address, city, ZIP code, county

3. Dates
   All elements of dates except year
   Examples: Birth date, admission date, discharge date, death date

4. Phone Numbers
   All telephone numbers
   Examples: (555) 123-4567, 555-123-4567

5. Fax Numbers
   All facsimile numbers
   Examples: Fax: (555) 123-4568

6. Email Addresses
   All electronic mail addresses
   Examples: [email protected]

7. Social Security Numbers
   Social Security numbers
   Examples: 123-45-6789

8. Medical Record Numbers
   Medical record numbers
   Examples: MRN: 12345678

9. Health Plan Beneficiary Numbers
   Health plan beneficiary numbers
   Examples: Member ID: ABC123456

10. Account Numbers
    Account numbers
    Examples: Account: 9876543210

11. Certificate/License Numbers
    Certificate or license numbers
    Examples: License: DL12345678

12. Vehicle Identifiers
    Vehicle identifiers and serial numbers
    Examples: VIN, license plate numbers

13. Device Identifiers
    Device identifiers and serial numbers
    Examples: Pacemaker serial: PM123456

14. Web URLs
    Web Universal Resource Locators
    Examples: http://patient-portal.com/user123

15. IP Addresses
    Internet Protocol address numbers
    Examples: 192.168.1.1

16. Biometric Identifiers
    Biometric identifiers including fingerprints
    Examples: Fingerprint, voice print, retina scan

17. Full Face Photos
    Full face photographic images
    Examples: Patient photos, ID photos

18. Unique Identifiers
    Any other unique identifying characteristic
    Examples: Unique tattoos, rare conditions with identifying context

Complete HIPAA De-identification

All 18 PHI identifiers detected and redacted

Name Detection

Patient names, relatives, employers, and household members detected with cultural awareness.

Geographic Data

All geographic subdivisions smaller than state including street, city, ZIP code (first 3 digits excepted).

Dates

All date elements except the year for individuals under 90: birth dates, admission dates, discharge dates, death dates.

Contact Information

Phone numbers, fax numbers, email addresses, and other electronic contact identifiers.

Identification Numbers

SSN, MRN, health plan ID, account numbers, certificate/license numbers, and device IDs.

Biometric & Unique

Biometric identifiers, photos, and any other unique identifying characteristic.

HIPAA De-identification Process

Safe Harbor compliant workflow

1. Upload PHI
   Securely submit medical records, clinical notes, or any documents containing PHI.

2. Detect All 18
   AI scans for all 18 HIPAA identifiers with context-aware accuracy.

3. Redact PHI
   Apply Safe Harbor compliant redaction to all detected identifiers.

4. Generate Report
   Receive de-identified document with audit trail and compliance certificate.

Easy API Integration

Get started with just a few lines of code

  • RESTful API with JSON responses
  • SDKs for Python, Node.js, Java, Go
  • Webhook support for async processing
  • Sandbox environment for testing

Python (redaction_api.py):

import requests

api_key = "your_api_key"  # placeholder; load the real key from a secret store
url = "https://api.redactionapi.net/v1/redact"

data = {
    "text": "John Smith's SSN is 123-45-6789",
    "redaction_types": ["ssn", "person_name"],
    "output_format": "redacted"
}

# Send the text for redaction; fail fast on network stalls and HTTP errors
response = requests.post(url,
    headers={"Authorization": f"Bearer {api_key}"},
    json=data,
    timeout=10
)
response.raise_for_status()

print(response.json())
# Output: {"redacted_text": "[PERSON_NAME]'s SSN is [SSN_REDACTED]"}

Node.js:

const axios = require('axios');

const apiKey = 'your_api_key'; // placeholder; load the real key from a secret store
const url = 'https://api.redactionapi.net/v1/redact';

const data = {
    text: "John Smith's SSN is 123-45-6789",
    redaction_types: ["ssn", "person_name"],
    output_format: "redacted"
};

axios.post(url, data, {
    headers: { 'Authorization': `Bearer ${apiKey}` }
})
.then(response => {
    console.log(response.data);
    // Output: {"redacted_text": "[PERSON_NAME]'s SSN is [SSN_REDACTED]"}
})
.catch(error => {
    // Log only the message so the request body (which holds PHI) is not dumped
    console.error(error.message);
});

cURL:

# The apostrophe in the JSON is written as '\'' so it survives single-quoted shell quoting
curl -X POST https://api.redactionapi.net/v1/redact \
  -H "Authorization: Bearer your_api_key" \
  -H "Content-Type: application/json" \
  -d '{
    "text": "John Smith'\''s SSN is 123-45-6789",
    "redaction_types": ["ssn", "person_name"],
    "output_format": "redacted"
  }'

# Response:
# {"redacted_text": "[PERSON_NAME]'s SSN is [SSN_REDACTED]"}

Understanding HIPAA De-identification Requirements

The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule establishes national standards for protecting individuals' medical records and other personal health information. For organizations that need to use or share health data while protecting patient privacy, HIPAA provides two de-identification methods: Safe Harbor and Expert Determination.

The Safe Harbor method, which our automated system implements, requires removal of 18 specific types of identifiers and requires that the covered entity have no actual knowledge that the remaining information could identify an individual. This provides a clear, rules-based approach to de-identification that can be automated reliably.

Safe Harbor vs Expert Determination

Safe Harbor offers a prescriptive approach: remove the 18 specified identifiers, and the data is considered de-identified. This works well for most use cases and can be fully automated. Expert Determination, in contrast, requires a qualified statistical expert to determine that the risk of identification is very small. While potentially preserving more data utility, it requires expensive expert involvement and is difficult to scale.

For most organizations, Safe Harbor provides the right balance of compliance certainty, cost efficiency, and automation potential. Our system implements Safe Harbor with 99.7% accuracy, enabling high-volume de-identification while maintaining compliance.

PHI Detection Challenges in Healthcare

Healthcare documents present unique challenges for PHI detection. Clinical notes contain medical terminology that must be preserved while removing identifying information. Dictated reports may have non-standard formatting. Handwritten annotations require OCR. Family history sections mention relatives. Contextual references ("the 45-year-old diabetic patient") can be identifying.

Our healthcare-specific AI models understand these nuances. Trained on millions of medical documents, they recognize clinical contexts, understand medical terminology, and identify PHI even when embedded in complex medical narratives. The result is accurate de-identification that preserves clinical utility.

Handling Dates Under HIPAA

HIPAA's date rules merit special attention. All dates directly related to an individual must be removed, including birth date, admission date, discharge date, date of death, and all ages over 89. However, the year can generally be retained for individuals under 90. Our system intelligently handles these nuances, applying appropriate redaction rules based on context and patient age when known.

Geographic Data Handling

Geographic data smaller than state must be removed, with special rules for ZIP codes. The initial three digits of a ZIP code may be retained if the geographic unit contains more than 20,000 people. Our system implements these rules automatically, masking or removing geographic information appropriately based on population thresholds.
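
The date, age and ZIP rules from the two sections above, written out as an added example; it is not RedactionAPI's code. The population table, the regexes and all function names are constructed for illustration, and zeroing a low-population prefix to 000 follows the Safe Harbor rule text rather than anything stated on this page.

```python
import re
from typing import Optional

# Constructed population per 3-digit ZIP prefix (illustrative, NOT census data).
ZIP3_POPULATION = {"100": 1_500_000, "606": 2_700_000, "999": 12_000}

DATE_RE = re.compile(r"\b\d{1,2}/\d{1,2}/(\d{4})\b")  # MM/DD/YYYY only
ZIP_RE = re.compile(r"\b(\d{5})(?:-\d{4})?\b")         # ZIP or ZIP+4
AGE_RE = re.compile(r"\b(\d{1,3})(?=-year-old\b)")     # "45-year-old"


def generalize_zip(zip_code: str) -> str:
    """Keep the first three digits only if that prefix covers > 20,000 people."""
    prefix = zip_code[:3]
    # Unknown prefixes fail closed: treated as low-population and zeroed.
    return prefix if ZIP3_POPULATION.get(prefix, 0) > 20_000 else "000"


def generalize_age(age: int) -> str:
    """Ages over 89 collapse into one '90+' category."""
    return "90+" if age > 89 else str(age)


def generalize_date(year: str, patient_age: Optional[int]) -> str:
    """Reduce a date to its year; drop the year as well for patients over 89."""
    if patient_age is not None and patient_age > 89:
        return "[DATE]"
    return year  # assumption: an unknown age is handled like an age under 90


def generalize(text: str, patient_age: Optional[int] = None) -> str:
    """Apply the date, ZIP and age rules to free text, in that order."""
    text = DATE_RE.sub(lambda m: generalize_date(m.group(1), patient_age), text)
    text = ZIP_RE.sub(lambda m: generalize_zip(m.group(1)), text)
    return AGE_RE.sub(lambda m: generalize_age(int(m.group(1))), text)


# Constructed sample note.
NOTE = "Admitted 03/14/2023 from ZIP 10001-1234 (prior ZIP 99901). 93-year-old patient."

if __name__ == "__main__":
    print(generalize(NOTE))
    print(generalize(NOTE, patient_age=93))
```

The ZIP pattern matches any standalone five-digit number, so a production pipeline would run it only on fields or contexts already classified as addresses.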

Audit Trail and Documentation

HIPAA compliance requires documentation of de-identification efforts. Our system generates comprehensive audit trails documenting: each detected PHI element, the identifier category, redaction method applied, confidence score, and processing timestamp. This documentation supports your compliance program and provides evidence for audits.
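
One way to produce an audit trail with the fields listed above without copying PHI into the log, as an added example that is not RedactionAPI's implementation. The four regex detectors, the fixed confidence value, the span and value_hmac fields, the sample note and the key are all assumptions made for illustration.

```python
import hashlib
import hmac
import re
from datetime import datetime, timezone

# Hypothetical detectors for four structured identifier types only.
PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "phone": re.compile(r"\(\d{3}\) \d{3}-\d{4}|\b\d{3}-\d{3}-\d{4}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "ip_address": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
}


def redact_with_audit(text, audit_key):
    """Return (redacted_text, audit_entries); entries never hold raw PHI."""
    hits = sorted(
        (m.start(), m.end(), category)
        for category, pattern in PATTERNS.items()
        for m in pattern.finditer(text)
    )
    now = datetime.now(timezone.utc).isoformat()
    out, entries, cursor = [], [], 0
    for start, end, category in hits:
        if start < cursor:  # overlaps a span that is already redacted
            continue
        digest = hmac.new(audit_key, text[start:end].encode(), hashlib.sha256)
        out += [text[cursor:start], f"[{category.upper()}]"]
        entries.append({
            "category": category,
            "method": "token_replacement",
            "confidence": 1.0,  # assumption: fixed score for exact pattern hits
            "span": [start, end],  # offsets in the original text
            "value_hmac": digest.hexdigest(),  # keyed digest, not the value
            "timestamp": now,
        })
        cursor = end
    out.append(text[cursor:])
    return "".join(out), entries


# Constructed sample input and key.
NOTE = "SSN 123-45-6789, call (555) 123-4567, mail jane@example.org from 192.168.1.1"
AUDIT_KEY = b"constructed-demo-key"

if __name__ == "__main__":
    redacted, trail = redact_with_audit(NOTE, AUDIT_KEY)
    print(redacted)
    for entry in trail:
        print(entry)
```

The keyed digest lets an auditor confirm that two entries refer to the same value; because identifiers such as SSNs have little entropy, the key needs the same protection as the PHI itself.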

Business Associate Agreements

As a service processing PHI on behalf of covered entities, we execute Business Associate Agreements (BAAs) establishing our obligations under HIPAA. Our infrastructure implements all required Security Rule safeguards including encryption at rest and in transit, access controls, audit logging, and breach notification procedures. We undergo regular third-party security assessments to verify compliance.

Frequently Asked Questions

Everything you need to know about our redaction services

1. What are the 18 HIPAA identifiers?

The 18 HIPAA Safe Harbor identifiers are: (1) Names, (2) Geographic data smaller than state, (3) Dates except year, (4) Phone numbers, (5) Fax numbers, (6) Email addresses, (7) Social Security numbers, (8) Medical record numbers, (9) Health plan beneficiary numbers, (10) Account numbers, (11) Certificate/license numbers, (12) Vehicle identifiers, (13) Device identifiers, (14) Web URLs, (15) IP addresses, (16) Biometric identifiers, (17) Full-face photos, (18) Any other unique identifying number.

2. What is HIPAA Safe Harbor de-identification?

Safe Harbor is one of two HIPAA-approved de-identification methods. It requires removal of 18 specific identifiers plus assurance that the remaining information cannot identify an individual. Our automated process removes all 18 identifiers and documents the de-identification for compliance purposes.

3. Do you provide documentation for HIPAA audits?

Yes, we generate comprehensive audit documentation including: list of detected PHI types, redaction methods applied, confidence scores, processing timestamps, and compliance certificates. This documentation supports your HIPAA compliance program and audit requirements.

4. Can you handle different medical document formats?

Yes, we process all common healthcare document formats including PDF medical records, HL7 messages, FHIR resources, CDA documents, clinical notes, discharge summaries, lab results, and scanned documents with handwritten notes. Our OCR handles poor quality scans common in healthcare.

5. How accurate is PHI detection?

Our HIPAA profile achieves 99.7% accuracy across all 18 identifier types. We use healthcare-specific AI models trained on millions of medical documents to understand clinical terminology and context. For critical applications, human-in-the-loop review options are available.

6. Is your platform HIPAA compliant?

Yes, our platform is fully HIPAA compliant. We execute Business Associate Agreements (BAAs) with covered entities. Our infrastructure meets all HIPAA Security Rule requirements including encryption, access controls, audit logging, and breach notification procedures.
