anonym.legal

By · Last updated 2026-04-30

返回博客医疗保健

无需编码:HIPAA管道中的自定义MRN检测

医疗记录号因医院而异——每家医疗系统都有自己独特的格式。HIPAA安全港要求移除MRN,而无代码工作流让合规团队无需工程师支持即可完成这项工作。

April 30, 20268 分钟阅读
custom MRN detectionHIPAA pipeline configurationno-code regexAI pattern helperhospital identifier de-identification

MRN格式问题

美国约有6100家医院,每家都运行各自的电子健康记录系统,使用各自的医疗记录号格式。全国没有统一标准。联合委员会(Joint Commission)要求医院能够识别患者身份,但对格式没有任何规定。

各医院格式差异显著:有的使用7位整数,有的使用8位整数,有的添加HOSP-、MRN-或PT-等前缀,有的使用SVHS-或CHOP-等机构代码,还有的在号码中嵌入入组年份。

HIPAA安全港将患者记录号列为18类标识中的第8类(45 CFR §164.514(b)(2)),要求18类全部移除,且规定不限于任何特定格式。如果您的医院使用自定义格式,您必须能够检测它。若工具遗漏该格式,即使其他17类均已移除,也不符合安全港要求。

编码方案的局限

在去标识化管道中添加自定义记录号格式的传统方法是扩展Microsoft Presidio,这意味着需要编写Python代码。

开发人员须创建一个继承 EntityRecognizer 的类,编写正则表达式,将其注册到Presidio中,并持续测试和维护。对于几乎不写代码的合规团队而言,这是一道难以跨越的门槛——每次格式变更都需要工程师介入。

医疗工程师本已繁忙,专注于电子健康记录集成和临床系统,合规工具通常不在其优先议程之内。

无代码规则生成工作流

引导式规则生成方法彻底消除了编码环节。

合规专员在Web应用中打开自定义实体创建器,粘贴来自本院系统的5个样本号码,例如:

SVHS-0012345
SVHS-0987654
SVHS-1122334
SVHS-4455667
SVHS-8899001

点击「生成规则」,AI读取结构后返回:

  • 规则:SVHS-\d{7}
  • 置信度:高
  • 建议实体名称:HOSPITAL-MRN
  • 建议替换标记:[MRN]

专员再粘贴5个样本进行验证,规则通过后保存至HIPAA预设。

此后,所有会话——Web应用、Office加载项、桌面应用和API——均在标准PHI扫描中自动检测该格式,无需任何代码。

GDPR研究数据注

GDPR第89条要求对研究数据集进行假名化处理。自定义实体将机构专属标识纳入检测范围,从而弥补通用工具留下的覆盖缺口。

实际收益

这套工作流只需半天时间,而编写自定义代码往往需要数周。

合规专员自主完成规则定义、测试和部署,无需提交工单,无需等待排期。自定义实体与标准的17项安全港标识并列保存在预设中。

下次批量处理临床记录时,全部18类标识均有对应检测方法,安全港合规得以完整实现。

安全港去标识化的实践详情请参阅HIPAA安全港医疗研究去标识化指南;医院专属检测规则请参阅无需工程支持的医院MRN格式检测

参考资料

相关文章

医疗保健

HIPAA OCR: 725 Breaches, 275M Records

HHS OCR reported 725 HIPAA breaches in 2024 affecting 275M records — the highest ever. $10.22M average healthcare breach cost.

医疗保健

Handwritten Form OCR & PII Detection

A mid-size hospital processes 50,000 handwritten intake forms per year. Manual PII redaction at this volume requires 0.5 FTE.

医疗保健

HHS 2025: AI Clinical Notes Need PHI

AI transcription systems can inadvertently put Patient A's PHI in Patient B's record. Here's why real-time PHI detection before EHR commit is the control.

准备好保护您的数据了吗?

开始使用 285 种实体类型在 48 种语言中匿名化 PII。

开始免费试用查看功能

About this page

We update this page when our platform or the law changes.

Read our founder note for how we work.

Each change shows up in the timestamp at the top.

Related reading

We follow these rules

  • GDPR (EU 2016/679).
  • ISO/IEC 27001:2022.
  • NIS2 (EU 2022/2555).
  • HIPAA safe harbor under 45 CFR § 164.514(b)(2).

Our promise

We do not sell your data.

We do not train models on your text.

We store your files in Germany.

You can delete your account at any time.

You own your work.

Where we run

Our servers live in Falkenstein, Germany.

We use Hetzner. They hold ISO 27001 certification.

All data stays in the EU.

Backups run every day.

Need help?

Email support@anonym.legal.

We reply within one business day.

How we test

We run a full check suite on every release.

Each surface gets its own sweep script and report.

Human reviewers spot-check the output each week.

We track recall and precision on a labelled set.

Bad runs block the deploy.

What we never do

  • We never sell your information to third parties.
  • We never train models on what you upload.
  • We never keep your work after you delete it.
  • We never share keys with any outside firm.
  • We never run ads inside the product.

Plans in plain words

We sell credits, not seats.

One credit covers one short job.

Long jobs use a few credits each.

You can top up at any time.

Unused credits roll over each month.

Read the plans page for current rates.

Who built this

A small team of engineers and lawyers built this.

We ship from Europe and work in the open.

Our founder note spells out why we started.

Where to start

How the parts fit

A browser add-on cleans text inside Chrome.

A Word plug-in handles drafts in Office.

A small desktop tool works on whole folders.

An agent protocol link feeds large models safely.

All four share one core engine and one rule set.

Words from our team

We started this work after a lunch about cookies.

One friend kept getting odd ads on her phone.

We asked why a court file leaked through a draft.

We sketched the first build on a napkin that week.

By month three we had a tiny demo for a friend.

She used it on her first case the next day.

Common questions we hear

Can the tool read scanned PDFs? Yes, with OCR.

Does it work on long files? Yes, in small chunks.

Can I roll my own rule set? Yes, save it as a preset.

Does it run offline? The desktop build runs offline.

Do you keep my files? No, the cloud build wipes after each run.

Will it learn from my work? No, we never train on inputs.

A short tour of the workflow

Upload a file or paste a snippet of prose.

Pick the entities you want gone from the draft.

Choose a method: replace, mask, hash, encrypt, or redact.

Press run and watch the side panel show each hit.

Skim the result and tweak any rule that misfired.

Save the cleaned file or send it to a teammate.