How to avoid PHI: Redaction tips and best practices

Avoiding accidental PHI disclosures

In accordance with the Health Insurance Portability and Accountability Act (HIPAA) and other laws and regulations, the inclusion of patient-specific information and employee-specific information as exhibits must be avoided. Protected health information (PHI) must be removed from all Magnet documentation. If potential PHI is found in the documentation during the review process, the organization will be notified and be given five days to remove from all sources. The appraisers will stop the review if patient-sensitive information is identified.

TIP #1: Hiding vs. Permanently Removing

One common mistake that people make with digital documents is 'hiding' sensitive information versus permanently removing sensitive information. Some examples of hiding information include:

  1. Inserting and placing a black box over the information that you want to redact.
  2. Using the background color tool to create a black background behind black text (or changing the text color to white) so the sensitive information 'disappears' in the colored background.

While visibly hiding the information might make it immediately invisible to the naked eye, it does not necessarily make the information inaccessible. Issues that you can experience when using the two example strategies above:

  1. Even if you convert a word document to a PDF, a person reading could highlight and copy the section that is ‘hidden’, paste the text into another word editor (e.g. Notepad, blank email), and the information that you thought was hidden could be revealed.
  2. Depending on the software that a reader uses, some programs will allow the user to move or delete the black boxes that were created to hide the sensitive information or change the background color or text color back to reveal the hidden text.
Even the most experienced lawyers are not immune from these kinds of redaction mistakes as detailed in this article about a redaction fail in a recent high-profile court case.

Low-tech tips:

  1. The Sharpie Method
    Image of a black Sharpie
    Print your digital document, use a black sharpie (or black paper pieces) to cross-out/cover/hide the sensitive information, re-scan the document, and then save it as a new, redacted version. (This is not a full-proof method however because apparently image recognition technology is good enough now to analyze words that have been ‘blacked out’ by this manual hand method.)

  2. Hide, Print, and Re-scan.
    If you have no other options than to use the hiding strategies of inserting black boxes or changing background colors to hide text, you can then print the document, re-scan the printed document, and then save it as a new, redacted version. This process will digitally 'flatten' the document and prevent the ability to ‘copy and paste’ the redacted text.

  3. The delete button is your friend.
    When possible, use your word processor program to edit and delete the sections or words that need to be redacted. Replace the parts that you deleted with “[REDACTED]”. This method definitely prevents any copy/paste or hi-tech recognition possibilities, and it also helps prevent a reader from guessing the redacted content by trying to count the number of characters that were redacted (if it is a short redaction or phrase). [Pro tip: Make sure your ‘Track Changes’ option is off!]

Redaction tools:

There are many third-party tools and software designed for managing digital documents and redacting. The most widely used and reputable one is Adobe Acrobat Pro that features a redaction tool and other tools that help remove sensitive content from PDF documents before sharing. While Adobe is pushing its cloud version that has a monthly/annual subscription pricing plan, the ‘desktop software only’ version of Adobe Acrobat Pro is still available as a one-time purchase. You can compare the version options here:

TIP #2: Don’t forget the Metadata!

Another common mistake we have found trending is forgetting to remove document metadata. What is document metadata? Document metadata is ‘hidden’ information that describes the contents and data of the document including the document title, the author’s name, date created, tags, comments, and other hidden text that cannot necessarily be seen when initially viewing at a document.

Many readers do not even know that document metadata exists, but it is important to know when trying to safeguard PHI. Both Microsoft Word documents and PDF documents carry this hidden metadata when documents are emailed, attached, uploaded, and/or digitally converted.

Here is an example:

  • This is a word document that was redacted and will be converted to a PDF document for upload:
    document metadata example 1
  • After converting the Word doc to a PDF document and opening the document in my web browser (or in Adobe Reader), you can see the ‘document title’ highlighted below and displayed that contains PHI:
    document metadata example 2
  • As you can see above, although the 'file name' was changed to “Report-Example—2019-11-10—PDF.pdf”, the document ‘title’ was still carried over with the other metadata when converting from Word to PDF, and the original document was titled “Medical Test Results report: JOHN SMITH”.
  • In Adobe Reader (free) or Adobe Acrobat, you can access and view the document metadata by going to FILE > Properties.
    document redaction example 3

Editing or removing metadata in a PDF may require Adobe Acrobat or another third-party PDF editing program. However, if your original document was created in Word, you can easily remove document metadata in a Word document before converting it to a PDF.

How to remove document metadata in Microsoft Word

Instructions may vary depending on your Microsoft Word version, but generally:

    1. Go to the FILE menu and click the Info tab.
    2. In the Inspect Document section, click the “Check for Issues” box.
    3. Then click the Inspect Document option from the dropdown menu. The Document Inspector pop-up window will display.
    4. Make sure that the “Document Properties and Personal Information” box is checked and choose the other options that you want to be inspected for removal.
    5. Click the “Inspect” button. After Word inspects the document and displays the results, click the “Remove All” button next to the items that you checked.
    6. To keep the changes, don’t forget to SAVE your document!
    7. You can check out more detailed info and instructions in these online articles:

The information and guidance in this discussion post/web page is not legal advice and should not be treated as such. The information is provided without any representations or warranties, expressed or implied. Information on this webpage may not constitute the most up-to-date information; and it contains links to other third-party websites for the convenience of the reader and ANCC does not recommend or endorse the contents of the third-party sites. We encourage you to consult with your Privacy and/or Compliance Officer, Legal, and Information Technology departments about your organization’s policies and procedures regarding the HIPAA Security Rule and safeguards.