# Redact Medical Records and Patient Files > De-identify clinical records for research, audit, or external sharing — with detection patterns aligned to HIPAA Safe Harbor identifiers. **Try it:** https://www.redact-pdf.ai/sign-up **See pricing:** https://www.redact-pdf.ai/pricing ## PHI in medical records Protected Health Information (PHI) under HIPAA includes 18 specific identifiers: names, addresses (smaller than state), dates more granular than year, telephone, email, SSN, medical record number, account number, certificate / license numbers, vehicle identifiers, device identifiers, URLs, IP addresses, biometric identifiers, full-face photos, and any other unique identifying number, characteristic, or code. ## When PHI redaction is mandatory - Sharing records with researchers (de-identification per HIPAA Safe Harbor) - Insurance claim submissions where minimum-necessary rule applies - Litigation discovery for medical malpractice cases - Inter-hospital transfers requiring redacted summaries ## Built on HIPAA-eligible Azure infrastructure Your data is processed on Microsoft Azure infrastructure that is HIPAA-eligible under Microsoft's Business Associate Agreement (BAA). Redact PDF AI itself is not independently HIPAA-audited; for full HIPAA compliance, your overall workflow (including a BAA with Microsoft) and your internal controls are what matter. ## How it works 1. **Upload patient files** — Single record or batch. Scanned charts work via OCR. 2. **Enable Person, Address, Date, Email, Phone, Organization** — Covers most HIPAA Safe Harbor categories. 3. **Studio audit** — For research-grade de-identification, Studio review is recommended. 4. **Download redacted records** — Output is rasterized — no recoverable PHI in metadata or text layers. ## For clinical research and quality teams HIPAA Safe Harbor de-identification requires removing 18 specific identifier categories. Our detector covers names, addresses, dates, phone, email, and organization — leaving you to handle medical record numbers and specialty identifiers via manual masks. ## Frequently asked questions ### Is Redact PDF AI HIPAA-compliant? The underlying Azure infrastructure is HIPAA-eligible under Microsoft's BAA. Redact PDF AI itself is not independently HIPAA-audited. Your full workflow compliance depends on your environment, contracts, and internal controls. ### Can I sign a BAA with Redact PDF AI? Contact us to discuss BAA arrangements for healthcare customers. ### Does it redact medical record numbers (MRN)? MRNs are not in the standard PII category set. Add MRN patterns to your "Always Redact" terms or use Studio manual masks. ## Related guides - https://www.redact-pdf.ai/redact/clinical-notes.md - https://www.redact-pdf.ai/redact/lab-results.md - https://www.redact-pdf.ai/redact/dates-from-pdf.md --- Primary keyword: redact medical records PDF Audience: medical Built on Microsoft Azure infrastructure (SOC 2 Type II, ISO 27001, ISO 27017, ISO 27018, HIPAA-eligible) with Swiss / EU data residency. Documents are never used to train AI models.