Healthcare Compliance

HIPAA Redaction Software

Detect and redact Protected Health Information (PHI) from medical records, insurance claims, and healthcare documents.

No signup required · 2 free documents/day

The 18 HIPAA Identifiers

HIPAA's Privacy Rule defines 18 types of identifiers that constitute Protected Health Information (PHI). SafeRedact's AI detects most text-based identifiers automatically.

1. Names: Full, first, last, maiden names
2. Geographic Data: Addresses, cities, zip codes
3. Dates: Birth, admission, discharge, death
4. Phone Numbers: All telephone numbers
5. Fax Numbers: All fax numbers
6. Email Addresses: All email addresses
7. SSN: Social Security numbers
8. Medical Record #: MRN and chart numbers
9. Health Plan ID: Beneficiary numbers
10. Account Numbers: Financial account numbers
11. License Numbers: Certificates, licenses
12. Vehicle IDs: VIN, license plates
13. Device IDs: Medical device serials
14. URLs: Web URLs
15. IP Addresses: Internet protocol addresses
16. Biometric IDs: Fingerprints, voiceprints (non-text)
17. Photos: Full-face photos (image-based)
18. Other Unique IDs: Any unique code or number

AI-detected | Non-text (requires manual review)

How HIPAA Redaction Works

1. Upload Your Document

Drop a medical record, insurance claim, or healthcare document into SafeRedact. Your file stays in your browser - it's never uploaded to our servers.

2. AI Detects PHI

Our AI (powered by Claude) scans the extracted text for HIPAA identifiers: patient names, dates of birth, SSNs, addresses, medical record numbers, and more. Non-text identifiers (biometrics and full-face photos) require manual review.

3. Review & Adjust

See highlighted PHI in your document. Add additional redactions or remove false positives. You're always in control.

4. Export De-identified Document

Download a clean PDF with permanent, pixel-level redaction. The original PHI is completely removed, not just hidden.

Privacy-First Architecture

When redacting PHI, how your tool handles files matters as much as the redaction itself.

Other Redaction Tools

  • Upload entire document to cloud servers
  • PHI stored on external servers (even briefly)
  • Third-party staff could access documents

SafeRedact

  • Files never leave your browser
  • Only extracted text sent for AI analysis
  • We never see your actual documents

Important Note for Covered Entities

SafeRedact does not currently offer a Business Associate Agreement (BAA). If your organization is a HIPAA covered entity and requires a BAA, please consult with your compliance team before use. Our privacy-first architecture minimizes exposure, but formal compliance requires appropriate agreements.

HIPAA Redaction Use Cases

Medical Records Requests

Redact third-party information before sharing patient records with attorneys or other requesters.

Insurance Claims

Remove patient identifiers from Explanation of Benefits (EOB) or claims documents.

Research & Studies

De-identify patient data for research purposes or case studies.

Legal Discovery

Prepare medical records for litigation while protecting non-relevant patient information.

Audit Preparation

Create de-identified samples for compliance audits or training purposes.

Breach Notification

Prepare redacted documents for breach notification reports.

HIPAA De-Identification: Two Legal Methods

The HIPAA Privacy Rule (45 CFR § 164.514) provides two methods for de-identifying protected health information.

Safe Harbor Method (§ 164.514(b))

Remove all 18 HIPAA identifiers and confirm the remaining data cannot be used to identify an individual. This is the most common approach because it provides clear, categorical rules.

When to use: Most standard redaction workflows — sharing records for research, responding to subpoenas, inter-facility transfers of de-identified data.

SafeRedact approach: AI detects the text-based identifier categories automatically; biometric identifiers and full-face photos are non-text and require manual review. You review, confirm, and redact permanently.

Expert Determination (§ 164.514(a))

A qualified statistical or scientific expert determines that the risk of identifying an individual from the remaining data is "very small." The expert must document their methods and results.

When to use: When you need to retain more data elements than Safe Harbor allows — typically for clinical research or population health studies.

Note: Requires hiring a qualified expert. More flexible but more expensive and slower than Safe Harbor.

HIPAA Penalty Tiers

The HHS Office for Civil Rights (OCR) enforces HIPAA with a four-tier penalty structure based on culpability.

Tier 1: Did Not Know ($137–$68,928 per violation)

The covered entity was unaware and could not have reasonably known. Annual max: $2.07M.

Tier 2: Reasonable Cause ($1,379–$68,928 per violation)

The violation was due to reasonable cause, not willful neglect: the entity should have known, but the violation was not intentional. Annual max: $2.07M.

Tier 3: Willful Neglect (Corrected) ($13,785–$68,928 per violation)

Due to willful neglect, corrected within 30 days of discovery. Annual max: $2.07M.

Tier 4: Willful Neglect (Not Corrected) ($68,928–$2.07M per violation)

Not corrected within 30 days. Criminal penalties may also apply — up to $250K and 10 years for knowing misuse of PHI.

Penalty amounts reflect 2024 inflation adjustments per 45 CFR § 160.404.

BAA Requirements and SafeRedact

Understanding when a Business Associate Agreement is — and isn't — required.

Why SafeRedact's Architecture Matters

SafeRedact processes documents in your browser. Files never leave your device. Only extracted text is sent to AI for analysis — encrypted in transit and not stored.

This privacy-first architecture means SafeRedact never has access to your complete documents or original PHI.

When You Still Need a BAA

If your compliance team determines that text extraction constitutes "access to PHI," a BAA may be required. Consult your HIPAA compliance officer.

For organizations requiring BAA coverage, SafeRedact's Enterprise plan includes BAA availability. Contact us to discuss.

Simple Pricing

Start free, pay only when you need more.

Free

$0

2 documents/day


Day Pass

$12

Unlimited for 24 hours


Annual

$199/yr

Unlimited documents


HIPAA Redaction FAQ

Does SafeRedact help with HIPAA workflows?

SafeRedact's architecture is designed for privacy - files never leave your browser, and we only see extracted text. However, we do not currently offer a BAA. If you're a covered entity requiring a BAA, please consult your compliance team.

What types of PHI does SafeRedact detect?

SafeRedact's AI detects common PHI types including names, addresses, dates, SSNs, MRNs, phone numbers, emails, and account numbers. Organizations should verify detection meets their specific requirements. Biometric identifiers and photographs require manual review as they are non-text elements.

Can SafeRedact handle scanned medical records?

Yes. SafeRedact includes OCR (optical character recognition) to extract text from scanned documents and images. The AI then analyzes the extracted text for PHI.

Is the redaction permanent?

Yes. SafeRedact creates pixel-level redactions that permanently remove the underlying content. The redacted information cannot be recovered or extracted from the output file.

Compliance Note: SafeRedact is a redaction tool designed to help identify and remove PHI from documents. HIPAA compliance requires comprehensive organizational safeguards including policies, training, access controls, and audit procedures. SafeRedact can be one part of a compliant workflow, but organizations should work with qualified compliance professionals to ensure their complete processes meet regulatory requirements.

Try SafeRedact free

See if it fits your workflow. No account required for the free tier.

2 free documents/day · No credit card required · Files never leave your browser