Medical PII Scrubber (HIPAA-Aware)

Remove the 18 HIPAA identifiers from clinical text before AI use

Paste clinical notes or medical records and automatically detect and redact the HIPAA-defined identifiers — patient names, dates, MRNs, phone numbers, emails, SSNs, ZIP codes, and ages over 89 — to create a de-identified version safe for AI analysis, entirely in your browser. It runs free in your browser on Gera Tools, with nothing uploaded.

Last updated Source: Gera Tools

Does this guarantee HIPAA Safe Harbor de-identification?

No. It catches the structured identifiers — dates, MRNs, phones, emails, SSNs, ZIPs, ages over 89, and titled names — but Safe Harbor requires removing all 18 categories including free-text names and locations. A human must review the output before any AI use.

Medical PII scrubber (HIPAA-aware)

Clinical text is some of the most sensitive data there is, and pasting it into an AI tool without de-identification is a HIPAA problem waiting to happen. This scrubber detects and redacts the structured HIPAA identifiers in clinical notes and records — locally, in your browser — so you can produce a de-identified version for AI analysis.

How it works

Paste a note and the tool runs a set of patterns aligned to the HIPAA Safe Harbor identifier list: dates, medical record numbers, phone and fax numbers, email addresses, Social Security numbers, URLs, IP addresses, ZIP codes, ages over 89, and names following titles like “Patient”, “Mr”, or “Dr”. Each match is replaced with a bracketed token such as [NAME] or [MRN], and you get a per-category count of what was caught. Nothing leaves your browser.

The HIPAA Safe Harbor method and what it requires

HIPAA’s Privacy Rule defines two methods for de-identification. The more commonly used method — Safe Harbor — requires removing or generalising 18 specific categories of identifier so that the residual data cannot be used to identify an individual. The 18 categories include:

  1. Names
  2. Geographic data smaller than a state (addresses, city, ZIP codes — except first 3 digits of ZIP in certain conditions)
  3. All dates (birth, admission, discharge, death, and any date directly related to the individual), except year
  4. Phone numbers
  5. Fax numbers
  6. Email addresses
  7. Social Security numbers
  8. Medical record numbers
  9. Health plan beneficiary numbers
  10. Account numbers
  11. Certificate and licence numbers
  12. Vehicle identifiers
  13. Device identifiers and serial numbers
  14. Web URLs
  15. IP addresses
  16. Biometric identifiers
  17. Full-face photographs
  18. Any other unique identifying number or code

This tool detects the structured, pattern-matchable items from that list — categories 2 through 16. It does not catch free-text names scattered through clinical narrative (category 1), and it cannot recognise face photographs. Human review is not optional; it is part of Safe Harbor compliance.

Why everything runs locally

Protected health information (PHI) is legally regulated. Under HIPAA, transmitting PHI to a third-party service without a Business Associate Agreement creates a compliance exposure. Running de-identification entirely in the browser sidesteps that problem: the clinical text never leaves the machine, no server logs it, and no network request carries it. This is why the tool is structured to process client-side only, even though client-side pattern matching is less sophisticated than server-based NLP models.

For higher-volume or more sensitive use cases — such as de-identifying large EHR exports for research — purpose-built clinical NLP systems with formal HIPAA BAA coverage are the appropriate path.

Tips and notes

  • Not a Safe Harbor guarantee. Patterns catch structured identifiers, but free-text names and locations need a human pass — Safe Harbor demands all 18.
  • PHI never uploads here. Everything runs locally, which is the only way a browser tool should ever touch protected health information.
  • Expect some over-redaction. A 5-digit number may be flagged as a ZIP; that is the safe direction, but check it did not mangle clinical values.
  • Review every output. Treat the result as a strong first pass, then read it before it reaches any AI model.
  • Document your process. If you are using de-identified data for research or quality improvement, record how the de-identification was performed, including the human review step, in your project notes.