There's a string of characters on every medical bill that most people skip right over: the ICD-10 code. It looks like this: F33.1, or E11.65, or C50.911.
Your accountant sees it when you hand over receipts for tax deductions. Your employer's benefits administrator sees it when you submit an FSA reimbursement.
F33.1 is recurrent major depressive disorder. E11.65 is type 2 diabetes with hyperglycemia. C50.911 is malignant neoplasm of the right breast.
Every medical bill you share without redacting the diagnosis code is a disclosure of your medical condition to someone who almost certainly doesn't need to know it.
What Your Medical Bill Reveals
| Data Type | What It Contains | Risk |
|---|---|---|
| ICD-10 Codes | Your exact diagnosis, down to left/right and severity | High — reveals conditions |
| CPT Codes | Exact procedures performed on you | High — reveals treatments |
| Clinical Descriptions | Plain-English diagnosis and treatment narrative | High — immediately readable |
| Insurance Policy # | Your policy number, group number, subscriber ID | Medium — enables insurance fraud |
| Patient Account # | Unique identifier at that provider | Medium — persistent identifier |
| Referring Provider | Which doctor referred you | Medium — reveals condition type |
What to Redact by Situation
Tax preparer
Redact: ICD-10 codes, CPT codes, clinical descriptions, patient account #, insurance details
Keep: Your name, provider name, dates of service, total billed, amount you paid
Your tax preparer needs dates, amounts, and provider names — not your diagnosis. IRS Publication 969 does not require diagnosis codes for medical expense substantiation.
FSA/HSA administrator
Redact: ICD-10 codes, CPT codes, detailed clinical descriptions
Keep: Your name, provider name, date of service, amount paid, general service type (medical/dental/vision)
Most FSA/HSA administrators explicitly state they do not require diagnosis codes. If yours asks for them, push back — cite IRS Publication 969.
Insurance appeal
Keep visible: Everything relevant to the specific claim being appealed, including diagnosis and procedure codes
Redact: Other family members' info, unrelated claims on the same EOB, bank details
Legal case
Consult your attorney. In personal injury cases, bills for the specific injury are typically unredacted. Unrelated conditions on the same documents should be redacted.
The 18 HIPAA Identifiers
For reference, HIPAA defines 18 categories of protected health information. On standard medical billing documents, focus on: names, geographic data, dates, phone numbers, email addresses, SSNs, medical record numbers, health plan beneficiary numbers, and account numbers.
How to Redact With SafeRedact
Upload
Download the PDF from your patient portal or scan the paper bill. Drop into SafeRedact — your file stays in your browser.
AI Detection
SafeRedact flags patient IDs, account numbers, phone numbers, addresses, DOBs, and insurance numbers automatically.
Manual Additions
You redact ICD-10 codes, CPT codes, and clinical descriptions — these require human judgment about what's relevant to the purpose.
Apply & Download
Pixel-burn permanently destroys the data. Your diagnosis codes aren't hidden — they're gone from the file entirely.
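One way to confirm the codes are gone rather than covered is to scan the text extracted from the redacted file for anything shaped like an ICD-10 or CPT code. The sketch below is an added example, not SafeRedact's code; it assumes you have already extracted the file's text with a tool of your choice, and the function name and sample bill text are constructed for illustration.

```python
import re

# ICD-10 shape in decimal form: letter, digit, alphanumeric, ".", 1-4 alphanumerics.
# Bare three-character categories (no decimal) are not matched by this pattern.
ICD10_RE = re.compile(r"\b[A-Z][0-9][0-9A-Z]\.[0-9A-Z]{1,4}\b")
# CPT shape: five digits, or four digits followed by F or T.
CPT_RE = re.compile(r"\b(?:[0-9]{5}|[0-9]{4}[FT])\b")
# Five digits alone also match ZIP codes, so CPT hits need a label on the same line.
CPT_LABEL_RE = re.compile(r"\b(?:CPT|HCPCS|procedure)\b", re.IGNORECASE)


def find_residual_codes(text):
    """Return (line_number, kind, token) for each code-shaped token left in text."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in ICD10_RE.finditer(line):
            hits.append((lineno, "ICD-10", m.group()))
        if CPT_LABEL_RE.search(line):
            for m in CPT_RE.finditer(line):
                hits.append((lineno, "CPT", m.group()))
    return hits


# Constructed sample: text extracted from a bill before and after redaction.
BEFORE = """Patient: Jane Sample    Account #: [REDACTED]
Date of service: 03/14/2024   Provider: Example Clinic
DX: F33.1  Recurrent major depressive disorder
CPT 99213  Office visit        $180.00
Amount you paid: $45.00   ZIP 90210
"""
AFTER = """Patient: Jane Sample    Account #: [REDACTED]
Date of service: 03/14/2024   Provider: Example Clinic


Amount you paid: $45.00   ZIP 90210
"""

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        hits = find_residual_codes(text)
        print(label, "->", hits if hits else "no code-shaped tokens found")
```

An empty result only covers the text layer; review the page image itself for codes that appear as pixels.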
Your Diagnosis Stays Private
AI detects patient IDs and account numbers. You redact the diagnosis codes. Pixel-burn makes it permanent. Files never leave your browser.