Guide 2026 · 5 min read

Redact Medical Records

Detect and redact Protected Health Information (PHI) from medical records, insurance claims, and healthcare documents.

The 18 HIPAA Identifiers

HIPAA's Privacy Rule defines 18 types of identifiers that constitute Protected Health Information (PHI). SafeRedact is not HIPAA compliant — users are solely responsible for regulatory compliance.

1. Names

Full, first, last, maiden names

2. Geographic Data

Addresses, cities, zip codes

3. Dates

Birth, admission, discharge, death

4. Phone Numbers

All telephone numbers

5. Fax Numbers

All fax numbers

6. Email Addresses

All email addresses

7. SSN

Social Security numbers

8. Medical Record #

MRN and chart numbers

9. Health Plan ID

Beneficiary numbers

10. Account Numbers

Financial account numbers

11. License Numbers

Certificates, licenses

12. Vehicle IDs

VIN, license plates

13. Device IDs

Medical device serials

14. URLs

Web URLs

15. IP Addresses

Internet protocol addresses

16. Biometric IDs

Fingerprints, voiceprints (non-text)

17. Photos

Full-face photos (image-based)

18. Other Unique IDs

Any unique code or number

AI-detected | Non-text (requires manual review)

How HIPAA Redaction Works

1

Upload Your Document

Drop a medical record, insurance claim, or healthcare document into SafeRedact. Your file stays in your browser - it's never uploaded to our servers.

2

AI Detects PHI

Our AI (powered by Claude) scans for all HIPAA identifiers: patient names, dates of birth, SSNs, addresses, medical record numbers, and more.

3

Review & Adjust

See highlighted PHI in your document. Add additional redactions or remove false positives. You're always in control.

4

Export De-identified Document

Download a clean PDF with permanent, pixel-level redaction. The original PHI is completely removed, not just hidden.

Privacy-First Architecture

When redacting PHI, how your tool handles files matters as much as the redaction itself.

Other Redaction Tools

  • Upload entire document to cloud servers
  • PHI stored on external servers (even briefly)
  • Third-party staff could access documents

SafeRedact

  • Files never leave your browser
  • Only extracted text sent for AI analysis
  • We only see extracted text — never your original files

Important Note for Covered Entities

SafeRedact is not HIPAA compliant and does not offer Business Associate Agreements (BAAs). Users are solely responsible for regulatory compliance. If your organization is a HIPAA covered entity and requires a BAA, please consult with your compliance team before use. Our privacy-first architecture minimizes exposure, but formal compliance requires appropriate agreements.

HIPAA Redaction Use Cases

Medical Records Requests

Redact third-party information before sharing patient records with attorneys or other requesters.

Insurance Claims

Remove patient identifiers from Explanation of Benefits (EOB) or claims documents.

Research & Studies

De-identify patient data for research purposes or case studies.

Legal Discovery

Prepare medical records for litigation while protecting non-relevant patient information.

Audit Preparation

Create de-identified samples for compliance audits or training purposes.

Breach Notification

Prepare redacted documents for breach notification reports.

Pricing

Pay when you need it

Try free with watermark. Remove it when you're ready.

Day Pass
$12

24 hours from purchase

Get Day Pass
Clean output, no watermark
Unlimited documents
One-time purchase
Best value
Subscribe
Monthly $29 · Annual $99
$29 /mo

Cancel anytime

Subscribe — $29/mo
Everything in Day Pass
Unlimited documents
Cancel or change anytime
Enterprise Custom pricing

Bulk DSAR & compliance for teams that process thousands of documents.

25,000+ files per batch DSAR selective redaction 10 file types DPA & audit log Zero retention
Contact Sales

Or try free with watermark — no signup required.

HIPAA Redaction FAQ

Is SafeRedact HIPAA compliant?

No. SafeRedact is not HIPAA compliant and does not offer Business Associate Agreements (BAAs). Users are solely responsible for determining whether SafeRedact meets their regulatory requirements.

What types of PHI does SafeRedact detect?

SafeRedact's AI detects common PHI types including names, addresses, dates, SSNs, MRNs, phone numbers, emails, and account numbers. Organizations should verify detection meets their specific requirements. Biometric identifiers and photographs require manual review as they are non-text elements.

Can SafeRedact handle scanned medical records?

Yes. SafeRedact includes OCR (optical character recognition) to extract text from scanned documents and images. The AI then analyzes the extracted text for PHI.

Is the redaction permanent?

Yes. SafeRedact creates pixel-level redactions that permanently remove the underlying content. The redacted information cannot be recovered or extracted from the output file.

Important: SafeRedact is not HIPAA compliant and does not offer Business Associate Agreements (BAAs). Users are solely responsible for determining whether SafeRedact meets their regulatory requirements. This page is for educational purposes only.

Start Redacting Free

See if it fits your workflow. No account required for the free tier.

Get Started View Pricing
Free with watermark No credit card required Files never leave your browser
Found this useful?
Link copied!