HIPAA PDF Redaction — Free & Browser-Based

Remove Protected Health Information from medical PDFs to meet HIPAA de-identification standards. No cloud uploads. Files never leave your device.

PHI never transmitted · Works on any device · Free plan available

What is HIPAA De-Identification?

HIPAA's Privacy Rule requires that Protected Health Information (PHI) be de-identified before sharing with researchers, analysts, or any party not covered by a Business Associate Agreement. The Safe Harbor method (45 CFR §164.514(b)) specifies 18 categories of identifiers that must be removed or redacted.

Failing to properly de-identify PHI before sharing — even internally — can result in HIPAA penalties ranging from $100 to $50,000 per incident, with a maximum annual penalty of $1.9 million for repeat violations.

The 18 HIPAA Identifiers to Redact

👤 Names: Patient, family members, employer
📍 Geographic data: Address, city, ZIP (last 3 digits)
📅 Dates: DOB, admission, discharge, death
📞 Phone numbers: Any contact number
📠 Fax numbers: Any fax number
✉️ Email addresses: Any personal email
🔒 SSNs: Social Security Numbers
🏥 Medical record numbers: MRN, chart numbers
🏦 Health plan beneficiary #: Insurance member IDs
🧾 Account numbers: Financial account references
📜 Certificate/license numbers: Professional license IDs
🚗 Vehicle identifiers: License plates, VINs
💻 Device identifiers: Serial numbers, implant IDs
🌐 Web URLs: Any personal URL or web address
🖥️ IP addresses: Full IP addresses
🔑 Biometric identifiers: Fingerprints, voice prints
🖼️ Full-face photos: Any identifying image
🆔 Any unique identifier: Any other unique number or code

How to Redact PHI from a PDF with SignPDF

1. Open the medical PDF

Go to SignPDF and open your document. Because processing happens entirely in your browser, PHI is never transmitted over the network — a key HIPAA consideration.

2. Open AI Redaction (Plus/Pro)

Click the Redact tool and open the AI Redaction panel. Select which PHI patterns to scan for: SSNs, emails, phone numbers, and dates are detected automatically from the PDF text layer.

3. Manually redact remaining identifiers

Patient names, MRNs, and addresses often require manual redaction using the brush tool, as they don't follow predictable patterns. Brush over each instance carefully — the black overlay is permanent and removes the underlying text.

4. Verify all 18 categories

Review the document page-by-page against the HIPAA Safe Harbor checklist. For scanned PDFs, visually verify each page — the AI cannot read image-only content.

5. Export the de-identified PDF

Download your redacted PDF. The exported file contains no recoverable PHI in its text layer. Store or share the de-identified version as needed for research, billing review, or audit.
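A post-export check for step 5, as an added example (not SignPDF's code): it scans text extracted from the exported PDF, page by page, for the pattern-type identifiers named in step 2, and flags pages with no text layer for the visual review that step 4 calls for. The regexes, the function names, and the assumption that pages are separated by form feeds (as Poppler's `pdftotext` emits them) are illustrative; the sample text is constructed.

```python
import re

# Illustrative patterns for the four identifier types step 2 lists.
# Assumption: these are NOT SignPDF's detection rules, only a second opinion.
PATTERNS = {
    "ssn": re.compile(r"\b\d{3}[- ]\d{2}[- ]\d{4}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "phone": re.compile(
        r"(?<!\d)(?:\+?1[ .-]?)?(?:\(\d{3}\)\s?|\d{3}[ .-])\d{3}[ .-]\d{4}(?!\d)"
    ),
    "date": re.compile(r"\b(?:\d{1,2}[/-]\d{1,2}[/-]\d{2,4}|\d{4}-\d{2}-\d{2})\b"),
}


def mask(value):
    """Hide all but the last two characters so the report itself holds no PHI."""
    return "*" * (len(value) - 2) + value[-2:]


def verify_export(extracted_text):
    """Check text extracted from the exported PDF, one page at a time.

    Returns {page_no: "clean" | "no-text-layer" | [(category, masked), ...]}.
    """
    # Assumption: each page ends with a form feed; drop only the final one
    # so that an empty last page is still counted.
    if extracted_text.endswith("\f"):
        extracted_text = extracted_text[:-1]
    report = {}
    for page_no, page in enumerate(extracted_text.split("\f"), start=1):
        if not page.strip():
            # Image-only page: pattern matching proves nothing here.
            report[page_no] = "no-text-layer"
            continue
        hits = [(category, mask(m.group()))
                for category, rx in PATTERNS.items()
                for m in rx.finditer(page)]
        report[page_no] = hits or "clean"
    return report


# Constructed sample: page 1 redacted, page 2 missed, page 3 is a scan.
SAMPLE = (
    "Discharge summary\nPatient: [REDACTED]\nDOB: [REDACTED]\n\f"
    "Follow-up contact (555) 010-0199, jdoe@example.org\n"
    "SSN 078-05-1120 seen 03/14/2021\n\f"
    "\f"
)

if __name__ == "__main__":
    for page_no, status in verify_export(SAMPLE).items():
        print(page_no, status)
```

A "clean" result covers only the four pattern types above; names, MRNs, addresses and the other Safe Harbor categories still need the manual review described in steps 3 and 4.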

Legal disclaimer. SignPDF is a software tool that assists with redacting identifiers from PDFs. It does not certify HIPAA compliance. Organizations subject to HIPAA should work with qualified legal and compliance counsel to verify their de-identification processes meet the full requirements of 45 CFR §164.514. For Expert Determination de-identification (the statistical method), engage a qualified statistical expert.

Why Browser-Based Redaction Matters for HIPAA

Most online redaction tools — Smallpdf, Adobe online, ILovePDF — upload your file to their servers. For documents containing PHI, this creates a potential HIPAA exposure: you're transmitting health information to a third party without necessarily having a signed Business Associate Agreement in place.

SignPDF processes everything in your browser. Your PDF, including all PHI it contains, is never transmitted to our servers. This architectural approach eliminates the server-transmission risk entirely.

For organizations that need a formal BAA and audit logging, the Pro plan is recommended. Contact us for enterprise arrangements.

Redact PHI Without Cloud Risk

Browser-based HIPAA redaction. Medical data never transmitted. Free to start.

No account required · PHI stays on your device