# Redact PDF AI for Healthcare

> HIPAA-aware AI redaction for clinical records, lab results, insurance claims, and clinical notes. Built on HIPAA-eligible Microsoft Azure infrastructure.

**Live page:** https://www.redact-pdf.ai/use-cases/healthcare

## Healthcare PHI and de-identification

Healthcare documents contain Protected Health Information (PHI) under HIPAA: 18 specific identifier categories including names, dates more granular than year, MRN, addresses smaller than state, phone, email, SSN, and others.

For research, quality improvement, or external sharing, PHI must be removed under HIPAA Safe Harbor de-identification or Expert Determination.

## Common documents we redact

- **Medical records** — see https://www.redact-pdf.ai/redact/medical-records
- **Clinical notes and progress notes** — see https://www.redact-pdf.ai/redact/clinical-notes
- **Lab results and diagnostic reports** — see https://www.redact-pdf.ai/redact/lab-results
- **Insurance claim documents** — see https://www.redact-pdf.ai/redact/insurance-claims

## PHI coverage

Our PII categories cover most HIPAA Safe Harbor identifiers:
- **Person** — patient and provider names
- **Date** — birth dates, treatment dates, admission/discharge dates
- **Address** — patient and facility addresses
- **Phone** and **Email** — contact details
- **Organization** — hospital and clinic names
- **IBAN** / **CreditCard** — payment data

Institution-specific identifiers (MRN, accession numbers, room numbers) can be added to your "Always Redact" terms list for guaranteed coverage.

## HIPAA posture

Documents are processed on Microsoft Azure infrastructure that is **HIPAA-eligible** under Microsoft's Business Associate Agreement (BAA). Redact PDF AI itself is not independently HIPAA-audited; full HIPAA compliance requires:

- A BAA arrangement with us (contact info@redact-pdf.ai)
- Your own internal controls (workforce training, access controls, audit logs)
- Compliant overall workflow

We provide the privacy-by-design tooling: irreversible redaction, no AI training on PHI, deletion controls, EU/Swiss data residency, AES-256 encryption.

## How it works for clinical teams

1. Upload patient files — single or batch — including scanned charts (OCR built-in)
2. Default PHI sweep: Person, Date, Address, Phone, Email, Organization
3. Studio audit recommended for research-grade de-identification
4. Download — rasterized output, no recoverable PHI in metadata or text layers
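A check a reviewer can run on the output of step 4, as an added example (not Redact PDF AI's own code): a coarse byte-level scan for text-showing operators, font resources, and Info/XMP metadata. It inspects only uncompressed and FlateDecode streams and is not a full PDF parser; `audit_pdf`, `is_clean` and both sample documents are hypothetical names and constructed data.

```python
import re
import zlib

STREAM_RE = re.compile(rb"obj(.*?)stream\r?\n(.*?)endstream", re.S)
TEXT_RE = re.compile(rb"\bBT\b.*?\b(?:Tj|TJ)\b", re.S)  # text-showing operators

def audit_pdf(data: bytes) -> dict:
    """Coarse byte-level scan for residual text and metadata in a PDF."""
    decoded, text_streams, uninspected = [], 0, 0
    for m in STREAM_RE.finditer(data):
        header = m.group(1).rpartition(b"obj")[2]  # this object's dictionary only
        body = m.group(2)
        if re.search(rb"/Subtype\s*/Image", header):
            continue  # pixel data, not page content
        if b"/FlateDecode" in header:
            try:
                body = zlib.decompressobj().decompress(body)
            except zlib.error:
                uninspected += 1  # cannot decode, so cannot vouch for it
                continue
        decoded.append(body)
        text_streams += bool(TEXT_RE.search(body))
    haystack = data + b"\n".join(decoded)  # decoded part covers object streams
    return {
        "text_streams": text_streams,
        "uninspected": uninspected,
        "fonts": bool(re.search(rb"/Font\b", haystack)),
        "info_dict": bool(re.search(rb"/Info\s+\d+\s+\d+\s+R", haystack)),
        "xmp": bool(re.search(rb"<x:xmpmeta|/Type\s*/Metadata", haystack)),
    }

def is_clean(data: bytes) -> bool:
    return not any(audit_pdf(data).values())

def _obj(n, header, payload=None):  # builds the constructed samples below
    s = b"" if payload is None else b"\nstream\n" + payload + b"\nendstream"
    return b"%d 0 obj\n%s%s\nendobj\n" % (n, header, s)

# Constructed sample: a black box drawn over text; the text layer survives.
OVERLAY_PDF = (
    _obj(1, b"<< /Type /Page /Resources << /Font << /F1 3 0 R >> >> >>")
    + _obj(2, b"<< /Filter /FlateDecode >>",
           zlib.compress(b"BT /F1 12 Tf 72 700 Td (MRN 00012345) Tj ET 0 g 70 695 120 16 re f"))
    + b"trailer\n<< /Root 1 0 R /Info 4 0 R >>\n"
)
# Constructed sample: page is a single image, no fonts, no Info dictionary.
RASTER_PDF = (
    _obj(1, b"<< /Type /Page /Resources << /XObject << /Im0 3 0 R >> >> >>")
    + _obj(2, b"<< /Length 30 >>", b"q 612 0 0 792 0 0 cm /Im0 Do Q")
    + _obj(3, b"<< /Subtype /Image /Filter /FlateDecode >>", zlib.compress(bytes(64)))
    + b"trailer\n<< /Root 1 0 R >>\n"
)
```

A clean result here only means nothing was found by this scan; any nonzero `uninspected` count means a stream could not be decoded and the file needs review with a full PDF parser.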
