• By Sidra Jabeen
  • Last updated: January 23, 2023
  • 4 minute read

Understanding the HIPAA Privacy Rule for Redaction

Learn more about the rules for redaction under HIPAA as stated by the Privacy Rule and how VIDIZMO's redaction tool can help in the process.

Did you know that tens of thousands of patient records were posted to the dark web last year?

According to NBC News, hackers published extensive patient data from different hospitals and medical centers. These files comprised tens of thousands of diagnostic test results and letters to insurers, including the personal information of patients.

In this digital era, you can now access your medical information easily with just one click. Technological advancements have produced many benefits that include easy access to health-related information, communication with healthcare providers, educating students through digital media, etc.

Along with these benefits, there are some security risks as well. Healthcare data is private.

Nobody wants their medical records to be accessed publicly!

It is our utmost responsibility to protect personal health information from third parties at all levels.

Sometimes, sharing medical records is not restricted to medical professionals and patients only; it can be shared with third parties (educational institutions, Government) for legal or research purposes.

Therefore, redaction of PHI (Protected Health Information) is necessary, and it is a requirement as per the standard Privacy Rule of HIPAA.

In this article, we will cover HIPAA redaction rules for you. We will also discuss an AI-based tool that you can use to redact PHI conveniently.

PHI Under HIPAA Compliance: An Overview  

The Health Insurance Portability and Accountability Act (HIPAA) is an act that was passed by the U.S. Department of Health and Human Services in 1996 and updated with the HITECH Act in 2009. It provides the rules for the privacy and protection of patients' medical records and health information.

All covered entities (Health Providers, Health Plans) and business associates that collect Protected Health Information (PHI) are bound to follow the HIPAA rules. HIPAA ensures that an individual’s health information is secured.

All health information is considered PHI when it includes individual identifiers.

PHI data under HIPAA compliance could be any information in the form of:

  • Physical data

  • Digital data

  • Spoken words 

Protected Health Information (PHI) is any health information, including demographic information, which is associated with:

  • Past and present physical and mental health conditions of an individual.

  • Provision of healthcare to the individual.

  • Payments for the provision of healthcare to the individual.

As per HIPAA Privacy Rule, there are 18 identifiers of PHI:

  • Name

  • Address

  • All elements of dates, including birthdates, admission and discharge dates, date of death etc.

  • Telephone numbers

  • Email addresses

  • Fax numbers

  • Social Security numbers

  • Medical record numbers

  • Health Plan Beneficiary numbers

  • Account numbers

  • Certificate or license numbers

  • Vehicle identifiers and serial numbers, including license plate numbers

  • Device identifiers and serial numbers

  • Web URL

  • Internet Protocol IP Address

  • Finger or voice print

  • Photographic Images (Not limited to Face only)

  • Any other characteristic that could uniquely identify the individual

Who is Bound to Follow HIPAA Privacy Rule?

All covered entities (Healthcare Providers, Health Plans and Healthcare Clearinghouses) and business associates that collect and maintain a record of Protected Health Information (PHI) are bound to follow the HIPAA rules.

HIPAA ensures that an individual’s health information is secured. Covered entities can include a person, an organization or any institution. The HIPAA Privacy Rule applies to the covered entities listed above.

A breach of the above-mentioned information is considered a HIPAA violation and is a serious offense that results in penalties.

According to the American Medical Association,

“Violation of HIPAA compliance rules results in penalties ranging from min $100 to max $50,000 per violation with an annual max of $25,000 for a repeat violation.”


De-identification/Redaction Rules Under HIPAA 

To prevent violations, PHI needs to be redacted before being shared with others. Redaction under HIPAA is covered in the Privacy Rule, which is responsible for regulating the use and disclosure of personal health information.

In the HIPAA Privacy Rule this is termed “de-identification,” which means hiding any of the 18 identifiers of PHI listed above.

The basic principles of the HIPAA Privacy Rule are as follows:

  • The rule protects all PHI, including individually identifiable health or mental health information held or shared by covered entities.

  • It limits the conditions under which covered entities may disclose PHI.

  • The covered entity is responsible for giving individuals access to their own PHI.

The HIPAA Privacy Rule permits patients and medical professionals to access medical records for treatment, payment, and health care purposes.

But this rule does not apply to healthcare organizations only; in fact, health records sometimes need to be shared with other covered entities.

“Covered Entities” include health plans, healthcare providers, healthcare clearinghouses, business associates, and health insurers. For example, health insurers can gain access to PHI for billing information with the patient's consent, ensuring that PHI is properly protected.

In certain circumstances, covered entities can use and disclose health information without the patient's authorization, namely:

  • When required by federal law for public health purposes.

  • When required by law enforcement agencies. 

  • For clinical research purposes.

  • Conducting health care operations (quality assurance, compliance monitoring).

  • Reporting abuse victims and violence cases. 

  • Health oversight activities. 

  • Judicial or administrative matters. 

On account of the rules and regulations mentioned above, covered entities are held accountable for the proper handling and de-identification of personal information before disclosure. Therefore, redaction is necessary to remove personal health-related information from medical records before sharing them onward.
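As an added example (not part of the original article and not VIDIZMO's product code), here is a Python pre-disclosure check that detects and redacts the identifiers from the list above that have a machine-recognizable shape (dates, phone numbers, email, SSN, medical record numbers, IP addresses and URLs). The sample record and the `MRN:` label format are constructed for illustration; names, addresses, biometrics and images have no fixed text shape and still need AI-based or manual review.

```python
import re

# Patterns for the Safe Harbor identifiers that have a recognizable text shape.
# Order matters: specific patterns (SSN, MRN) run before the generic phone
# pattern so their digits are not partially consumed as a phone number.
# The "MRN:" label format is a constructed assumption for this example.
PHI_PATTERNS = [
    ("EMAIL", re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")),
    ("URL", re.compile(r"\bhttps?://\S+")),
    ("IP", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
    ("SSN", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
    ("MRN", re.compile(r"\bMRN[:#\s]*\d{5,}\b", re.IGNORECASE)),
    # The article lists all elements of dates, so the whole date is removed.
    ("DATE", re.compile(
        r"\b(?:\d{1,2}/\d{1,2}/\d{2,4}|\d{4}-\d{2}-\d{2}|"
        r"(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)[a-z]*\.? "
        r"\d{1,2},? \d{4})\b")),
    ("PHONE", re.compile(r"(?<!\d)(?:\+1[ -]?)?\(?\d{3}\)?[ -]?\d{3}-\d{4}\b")),
]


def redact_phi(text):
    """Return (redacted_text, counts); counts maps identifier type -> hits."""
    counts = {}
    for label, pattern in PHI_PATTERNS:
        text, n = pattern.subn(f"[{label} REDACTED]", text)
        if n:
            counts[label] = n
    return text, counts


def contains_phi(text):
    """True if any pattern still matches: a gate to run before disclosure."""
    return any(p.search(text) for _, p in PHI_PATTERNS)


# Constructed sample record with fictitious values (not real patient data).
SAMPLE = (
    "Patient admitted 03/14/2022, discharged Mar 18, 2022. "
    "MRN: 00482913. SSN 123-45-6789. Contact (555) 867-5309, "
    "j.doe@example.com. Portal login from 203.0.113.42 via "
    "https://portal.example.org/visit/1"
)

if __name__ == "__main__":
    cleaned, hits = redact_phi(SAMPLE)
    print(cleaned)
    print(hits, "residual PHI:", contains_phi(cleaned))
```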

Redaction is a time-consuming process, so many organizations are looking for an efficient HIPAA-Compliant Redaction Tool that saves time.

VIDIZMO as a HIPAA-Compliant Redaction Tool


Are you looking for redaction software that is fully compliant with the HIPAA Privacy Rule and fulfills all your redaction needs?

Then here is a solution for you!

VIDIZMO is HIPAA-compliant redaction software that uses artificial intelligence services to redact personal health information appearing in audio recordings, videos, and medical records.

Key features of the VIDIZMO redaction tool include: 

  • Detect and track faces and bodies and redact them automatically by using artificial intelligence. 

  • Blur objects in images, mute or bleep audio segments, and hide specific words in documents containing PHI. 

  • Hide sensitive PHI appearing in videos, such as names, medical records, full-face photos, etc. 

  • Redact multiple files simultaneously. 

  • AI-Powered redaction with manual redaction capabilities for accurate results.

  • It has an IDC-recognized Digital Evidence Management System* with a chain of custody, transcription, translation, and secure sharing features.

It also offers a HIPAA-Compliant Video Platform with various security features to protect PHI.

We offer much more... See all features offered in VIDIZMO Redaction Software. 

If you want to buy our product, there are three ways to do so:

Standalone Redaction Tool

VIDIZMO offers simple software to upload files and quickly redact them. With the VIDIZMO HIPAA-compliant redaction tool, the process is simple and fast.

All you need to do is upload audio/video files. Our AI (Artificial Intelligence) detects all faces and objects that appear; you select the ones you want to redact, and they are blurred throughout the video.

Video Content Management System

We have a Gartner-recognized Video Content Management platform with multiple features that enable end-to-end video management and streaming. You can upload videos and manage them securely here.

Learn more about EnterpriseTube.

Digital Evidence Management System

You can opt for our IDC-Recognized Digital Evidence Management System*, which enables law enforcement agencies and other organizations to store, manage, and share digital evidence collected at crime scenes through various sources like dashcams, body-worn cameras, drones, and CCTV cameras while ensuring the highest level of compliance with CJIS and FedRAMP.


All three options are available as SaaS, or you can deploy them in the Azure Commercial/Government cloud or in your on-premises data center.

Read More: HIPAA Compliant vs. HIPAA Ready 

Do check out our detailed guide on redaction to understand the requirements under other compliance standards, the tools available, and more.

*This is about the document: IDC MarketScape: Worldwide Digital Evidence Management Solutions for Law Enforcement 2020 Vendor Assessment, #US44848219e, November 2020. 


Sidra is a Senior Product Marketing Strategist at VIDIZMO. Sidra is actively involved in research and is an expert in Digital Evidence Management System technologies. For queries, you can email websales@vidizmo.com
