How to Redact PHI from Medical Records (HIPAA-Safe, No Upload, 2026)
How to Redact PHI from Medical Records
Before a medical record leaves your office, whether for a records request, a referral, a research dataset, or a billing dispute, any protected health information (PHI) that the recipient isn't entitled to see has to be removed. Do it wrong and the "redacted" text is still recoverable, which is a reportable breach. Do it right and the information is permanently gone. Here is how to redact PHI properly, and why the file should never be uploaded to do it.
What counts as PHI
Protected health information is any information in a record that can identify a patient and relates to their health, care, or payment for care. In practice that includes names, addresses, dates tied to the individual, phone and fax numbers, email addresses, Social Security numbers, medical record and account numbers, health plan beneficiary numbers, and more. HIPAA's Safe Harbor method lists 18 categories of identifiers that must be removed to fully de-identify a record. (For a complete walkthrough, see our guide on removing the 18 Safe Harbor identifiers.)
Why a black box is a breach waiting to happen
If you draw a black rectangle over a patient's name in a basic PDF viewer, the name is still in the file. The box is a graphic sitting on top of live text, and anyone can select it, copy it, or delete the box and read what's underneath. In a healthcare context that isn't a cosmetic slip: it's an impermissible disclosure of PHI. True redaction removes the underlying content so there is nothing left to recover.
Why the file should never be uploaded
Uploading a patient record to an online converter or "redaction" website means the PHI has already left your control and now sits on a third party's servers, often without a Business Associate Agreement in place. The safest way to redact is with a tool that processes the file entirely on your own device, so the record is never transmitted anywhere.
PDF Zone runs completely in your browser using WebAssembly. The medical record is never uploaded, and its redaction rasterizes the covered area so the hidden text can't be recovered.
How to redact a medical record (step by step)
- Open the Edit PDF tool. It processes the file locally, so nothing is uploaded.
- Drag in the record.
- Select the redaction tool.
- Use Ctrl + F to find each identifier so you don't miss one, then draw a box over every piece of PHI: names, dates of birth, SSNs, MRNs, addresses, and account numbers.
- Apply the redaction and download the clean copy.
Because the redacted regions are flattened, the data underneath is permanently gone in the downloaded file.
Don't forget the hidden data
Redaction removes what's on the page, but a PDF also carries metadata: author name, the software that created it, and timestamps, none of which show on the page. Clear it with the Edit Metadata tool, and use Flatten PDF to remove any comments or annotation layers.
Verify before you release
Never trust a redaction you haven't tested:
- Open the downloaded file fresh.
- Try to select each redacted area. Nothing should highlight.
- Search a redacted term with Ctrl + F. It should return no results.
- Optionally, run Extract Text and confirm the identifiers are absent.
If anything selects or searches, the redaction didn't remove it. Redo it with a tool that flattens the content.
A quick pre-release checklist
- Redacted every PHI identifier the recipient isn't entitled to, including in headers, footers, and tables.
- Cleared metadata and flattened the file.
- Verified nothing is selectable or searchable.
- Never uploaded the original record to a third-party service.
- For a fully de-identified dataset, confirmed all 18 Safe Harbor identifiers are gone.
Frequently Asked Questions
How do I redact PHI from a medical record?
Open PDF Zone's Edit PDF tool, select the redaction tool, box out every identifier (names, dates, SSN, MRN, addresses), apply, and download. The tool rasterizes the covered area so the PHI can't be recovered, and it runs in your browser so the record is never uploaded.
Is drawing a black box the same as redacting a medical record?
No, and in healthcare it's a serious mistake. A black box leaves the text intact underneath, where it can be copied or uncovered. Real redaction removes the underlying content, which is what prevents an impermissible disclosure.
Is it safe to redact patient records with an online tool?
Only if the tool processes the file on your device. Uploading PHI to a web service sends it to a third party's servers, often with no Business Associate Agreement. PDF Zone redacts locally in your browser, so the record is never transmitted.
Does redaction make a record HIPAA de-identified?
Not by itself. Removing the visible identifiers you box out is part of it, but full Safe Harbor de-identification requires removing all 18 categories of identifiers and having no actual knowledge the remaining data could re-identify the person. See our de-identification guide.
How do I know my redaction is permanent?
Open the finished file, try to select the redacted area (nothing should highlight), and search the redacted term with Ctrl + F (no results). Because PDF Zone rasterizes the region, the text is gone rather than merely hidden.
Do I need to remove metadata from a medical PDF too?
Yes. Author names, timestamps, and comments live in the file's metadata and layers, not on the page. Clear them with Edit Metadata and Flatten PDF before releasing the record.
Can I redact a scanned medical record?
Yes. On a scan the text is already an image, so boxing the area and flattening removes it. Redact last, then verify that nothing is selectable or searchable.
Is PDF Zone HIPAA compliant?
Compliance is a property of your organization and workflow, not of a tool. What PDF Zone provides is processing that happens entirely on your device, so a patient record is never uploaded, which helps you keep PHI under your control while meeting your own HIPAA obligations.
Related: HIPAA De-Identification: The 18 Safe Harbor Identifiers · Send a Confidential Document Securely · Edit PDF · Encrypt PDF
Ready to try it yourself?
Redact protected health information from medical records the right way: permanently, and without uploading patient files to a server. A practical, HIPAA-aware guide for clinics and billing teams.
Open the tool