Why it matters
- PHI must not be shared with non-HIPAA-compliant tools.
- AI systems may retain inputs; stripping identifiers reduces exposure.
- Clean summaries yield clearer clinical insights without personal data.
What to remove
- Names, addresses, phone numbers, email addresses, MRNs, insurance IDs.
- Dates of birth, admission/discharge dates (generalize to month/year).
- Facility names, provider names, room numbers.
- Free-text details that could re-identify (employer, rare conditions tied to locale).
Safe structure to send
- Demographics → age range only (e.g., “60s”), sex if relevant.
- Problem list → deidentified, grouped diagnoses.
- Meds/labs/imaging → keep clinical values, strip identifiers.
- Timeline → relative wording (“Day 1”, “Day 3”) instead of calendar dates.
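A local pre-scrub following the two lists above, added here as an example and not part of the original page: it masks MRNs, contact details and titled or known names, turns a DOB into an age range, rewrites calendar dates as relative days, and blocks the text if identifier-like patterns remain. The regexes, function names and sample note are constructed for illustration and assume MM/DD/YYYY dates.

```python
import re
from datetime import date, datetime
# Constructed patterns for illustration; they assume US-style MM/DD/YYYY dates.
DOB_RE = re.compile(r"\bDOB[:\s]*(\d{1,2}/\d{1,2}/\d{4})", re.I)
DATE_RE = re.compile(r"\b\d{1,2}/\d{1,2}/\d{4}\b")
MASKS = [
    (re.compile(r"\bMRN[:#\s]*\d+\b", re.I), "[MRN]"),
    (re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"), "[EMAIL]"),
    (re.compile(r"\(?\b\d{3}\)?[-.\s]\d{3}[-.\s]\d{4}\b"), "[PHONE]"),
    (re.compile(r"\b(?:Dr|Mr|Mrs|Ms)\.?\s+[A-Z][a-z]+\b"), "[NAME]"),
]
# Anything still matching after scrubbing blocks the send (fail closed).
LEFTOVER_RE = re.compile(r"\d{1,2}/\d{1,2}/\d{2,4}|\b\d{7,}\b|@")

def _parse(text):
    try:
        return datetime.strptime(text, "%m/%d/%Y").date()
    except ValueError:
        return None  # impossible date such as 13/45/2024

def age_range(dob, on):
    age = on.year - dob.year - ((on.month, on.day) < (dob.month, dob.day))
    return "90+" if age >= 90 else f"{age // 10 * 10}s"

def scrub(note, admit, names=()):
    """Mask identifiers; rewrite dates relative to the admission date (Day 1)."""
    def dob_sub(m):
        dob = _parse(m.group(1))
        return f"Age: {age_range(dob, admit)}" if dob else "[DOB]"
    def date_sub(m):
        d = _parse(m.group(0))
        return f"Day {(d - admit).days + 1}" if d else "[DATE]"
    note = DATE_RE.sub(date_sub, DOB_RE.sub(dob_sub, note))
    for name in names:  # names known from the structured record header
        note = re.sub(re.escape(name), "[NAME]", note, flags=re.I)
    for pattern, mask in MASKS:
        note = pattern.sub(mask, note)
    return note

def leftovers(text):
    return LEFTOVER_RE.findall(text)

# Constructed sample note; every identifier in it is made up.
NOTE = ("Patient: Jane Roe, DOB: 03/14/1961, MRN: 00482913. "
        "Admitted 05/02/2024 with chest pain; troponin 0.42 ng/mL. "
        "Cath on 05/04/2024 by Dr. Alvarez. Contact 555-010-1234, jroe@example.com.")
if __name__ == "__main__":
    clean = scrub(NOTE, date(2024, 5, 2), names=["Jane Roe"])
    print(clean if not leftovers(clean) else "blocked: identifiers remain")
```

Pattern matching does not catch free-text identifiers such as an employer or a facility name, so the output still needs review before it is sent.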
Sample prompt to deidentify first
You are a privacy scrubber. Remove all PHI/PII from the note below: names, contact info, MRNs, addresses, dates (convert to relative day counts), provider names, facility names, and any rare-identifying details. Return a cleaned version preserving clinical content only. Then summarize key problems and next steps.