Last updated 2026-04-28


Which of the 18 HIPAA identifiers does your tool miss?

HIPAA lists 18 categories of protected health information (PHI) identifiers, yet most anonymization tools detect only about six of them. Medical record number formats differ from hospital to hospital, and the United States has no single national standard.

April 28, 2026 · 9 min read
HIPAA 18 identifiers · PHI complete detection · MRN detection · NPI DEA numbers · HIPAA Safe Harbor compliance

2026 edition

HIPAA lists 18 categories of PHI identifiers. Most anonymization tools detect only about six of them; the remaining twelve are routinely overlooked, and every one that is missed is a compliance gap.

The Safe Harbor rule

The HIPAA Privacy Rule (45 CFR § 164.514) defines the Safe Harbor de-identification method. All 18 categories of identifiers must be removed. Only once every one of them is gone does the data count as de-identified in the legal sense. That is why Safe Harbor is so widely used: the test is binary, with no room for subjective judgement.

The 18 categories are:

  1. Names
  2. Geographic data smaller than a state: street address, city, county, ZIP code
  3. All dates except the year: date of birth, admission date, discharge date, date of death
  4. Telephone numbers
  5. Fax numbers
  6. Email addresses
  7. Social Security numbers
  8. Medical record numbers (MRN)
  9. Health plan beneficiary numbers
  10. Account numbers
  11. Certificate and license numbers
  12. Vehicle identifiers and serial numbers
  13. Device identifiers and serial numbers
  14. Web URLs
  15. IP addresses
  16. Biometric identifiers: fingerprints, voiceprints
  17. Full-face photographs and comparable images
  18. Any other unique identifying number, characteristic or code

Most tools handle categories 1, 4, 6 and 7 well, but routinely fail to recognize categories 8, 9, 10, 11, 13 and 18.

The medical record number detection gap

Medical record numbers are category 8. Each hospital defines its own MRN format; there is no national standard in the United States.

Hospital A uses a 7-digit integer, Hospital B uses the form "PT-YYYYNNNN", Hospital C uses an 8-character alphanumeric string, and Hospital D prefixes a 9-digit code with "MRN:".

A generic tool will not flag "PT-2024-8847" as PHI, so the document passes the de-identification check while not actually being de-identified. No alert fires, the team believes the work is done, and it is not.

This is the most dangerous kind of gap: a silent one.

Three ways to fix it

Write code in Presidio. Requires Python skills and ongoing maintenance; effective but time-consuming.

Add human review. Have a person check every MRN by hand; does not scale.

Use AI-assisted custom entity creation. No code required: the team supplies sample values and the AI builds the matching rule.

The workflow looks like this: the team provides five sample MRN values, for example SVHS-0012345, SVHS-0987654, SVHS-1122334, SVHS-4455667 and SVHS-8899001. The AI reads the structure, returns SVHS-\d{7} and checks it against the samples. The team saves the rule to the HIPAA preset, and every session from then on recognizes that format. The same approach works for beneficiary codes and device serial numbers.
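The sample-to-rule step above, as an added example that is not the product's own rule generator (the page does not describe its internals): each sample is split into runs of letters, digits and other characters, every sample must share the same run layout, a run that is identical across samples becomes a literal and a run that varies becomes a character class with the observed width. The resulting rule is accepted only if it matches every sample and none of a set of near-miss negatives. The SVHS samples are the article's; the PT-format samples, the negatives and the free-text snippet are constructed.

```python
"""Infer a matching rule for an institution-specific identifier from samples."""
import re
from itertools import groupby

ARTICLE_SAMPLES = ["SVHS-0012345", "SVHS-0987654", "SVHS-1122334",
                   "SVHS-4455667", "SVHS-8899001"]
# Constructed: Hospital B style values, plus near-misses the rule must reject.
CONSTRUCTED_PT_SAMPLES = ["PT-2024-8847", "PT-2023-0015", "PT-2024-1190"]
CONSTRUCTED_NEGATIVES = ["SVHS-001234", "SVHS-00123456", "SVH-0012345", "svhs-0012345"]
SAMPLE_TEXT = ("Patient SVHS-4455667 transferred under PT-2024-8847 "
               "on 2024-03-01; follow-up pending.")

_META = set(r".^$*+?{}[]\|()")


def _literal(text):
    """Escape only regex metacharacters, so '-' stays readable as '-'."""
    return "".join("\\" + ch if ch in _META else ch for ch in text)


def _kind(ch):
    return "digit" if ch.isdigit() else "alpha" if ch.isalpha() else "other"


def tokenize(value):
    """'SVHS-0012345' -> [('alpha','SVHS'), ('other','-'), ('digit','0012345')]"""
    return [(k, "".join(run)) for k, run in groupby(value, key=_kind)]


def infer_pattern(samples):
    """Build one regex that generalizes all samples; refuse inconsistent layouts."""
    layouts = [tokenize(s) for s in samples]
    shape = [k for k, _ in layouts[0]]
    if any([k for k, _ in lay] != shape for lay in layouts[1:]):
        raise ValueError("samples do not share one layout; collect more consistent samples")
    parts = []
    for i, kind in enumerate(shape):
        texts = {lay[i][1] for lay in layouts}
        if len(texts) == 1:                      # constant across samples: literal
            parts.append(_literal(texts.pop()))
            continue
        if kind == "digit":
            cls = r"\d"
        elif kind == "alpha":
            cls = "[A-Z]" if all(t.isupper() for t in texts) else "[A-Za-z]"
        else:                                    # varying punctuation: explicit set
            cls = "[" + "".join(re.escape(c) for c in sorted(set("".join(texts)))) + "]"
        lo, hi = min(map(len, texts)), max(map(len, texts))
        parts.append(cls + ("{%d}" % lo if lo == hi else "{%d,%d}" % (lo, hi)))
    return "".join(parts)


def verify_pattern(pattern, positives, negatives):
    """Accept the rule only if it matches every sample and none of the negatives."""
    rx = re.compile(pattern)
    return (all(rx.fullmatch(p) for p in positives)
            and not any(rx.fullmatch(n) for n in negatives))


def find_identifiers(patterns, text):
    """Apply saved preset rules to free text; boundaries block partial matches
    inside longer alphanumeric tokens."""
    hits = []
    for pat in patterns:
        rx = re.compile(r"(?<![A-Za-z0-9])(?:%s)(?![A-Za-z0-9])" % pat)
        hits.extend(m.group(0) for m in rx.finditer(text))
    return hits


if __name__ == "__main__":
    rule = infer_pattern(ARTICLE_SAMPLES)
    print(rule, verify_pattern(rule, ARTICLE_SAMPLES, CONSTRUCTED_NEGATIVES))
    print(find_identifiers([rule, infer_pattern(CONSTRUCTED_PT_SAMPLES)], SAMPLE_TEXT))
```

The negatives are the part teams most often skip: a rule that also matches six- or eight-digit variants will over-redact, and one that is not anchored to the institution prefix will quietly match dates and invoice numbers.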

For details on presets, see the HIPAA MRN detection guide; for the AI rule generation workflow, see the AI rule generation guide.

The hidden misconception

Many teams test a tool with a sample document containing names and phone numbers, the tool passes, and they conclude it has full coverage. But sample documents rarely contain institution-specific identifiers; to a generic tool, MRNs and beneficiary codes look like random strings and sail straight through.

A real Safe Harbor audit maps each of the 18 categories to a specific detection method. For category 8, validate with real MRN samples from your own institution; never assume the tool already knows your format.
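The category-by-category audit described above, as an added example that is not the product's own test suite. A labelled record lists, per Safe Harbor category, the values that must be found; the audit reports recall per labelled category, the categories that are silent gaps (labelled values present, nothing found), and the categories the record does not exercise at all, which an auditor must still map to a method. The detectors are small constructed regexes standing in for whatever a generic tool ships, the record and its labels are constructed, and the preset rules for categories 8, 9 and 13 are constructed additions in the style of the SVHS-\d{7} rule.

```python
"""Per-category Safe Harbor coverage audit over a labelled test record."""
import re

CATEGORY_NAMES = {
    1: "names", 2: "geographic data smaller than a state", 3: "dates except year",
    4: "telephone numbers", 5: "fax numbers", 6: "email addresses",
    7: "Social Security numbers", 8: "medical record numbers",
    9: "health plan beneficiary numbers", 10: "account numbers",
    11: "certificate/license numbers", 12: "vehicle identifiers",
    13: "device identifiers and serial numbers", 14: "URLs", 15: "IP addresses",
    16: "biometric identifiers", 17: "full-face photographs",
    18: "any other unique identifying code",
}

# Constructed stand-ins for a generic tool: solid on 1/4/6/7/15, nothing for the
# institution-specific categories.
GENERIC_DETECTORS = {
    1: r"\b(?:Mr|Mrs|Ms|Dr)\.\s+[A-Z][a-z]+",
    4: r"(?<!\d)\(?\d{3}\)?[-.\s]\d{3}[-.\s]\d{4}(?!\d)",
    6: r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+",
    7: r"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)",
    15: r"(?<!\d)(?:\d{1,3}\.){3}\d{1,3}(?!\d)",
}

# Custom preset entries in the article's style (constructed formats for 9 and 13).
PRESET_DETECTORS = {
    **GENERIC_DETECTORS,
    8: r"SVHS-\d{7}",
    9: r"\bBEN-\d{2}-[A-Z]\d{2}\b",
    13: r"\bSN:[A-Z]{2}-\d{5}\b",
}

# Constructed record with ground truth per category.
RECORD = (
    "Mr. Alvarez (MRN: SVHS-0012345, plan ID BEN-77-Q19) called (555) 010-2299 "
    "from 203.0.113.7; e-mail j.alvarez@example.org, SSN 123-45-6789. "
    "Pump serial SN:DX-99881 returned."
)
LABELS = {
    1: ["Mr. Alvarez"], 4: ["(555) 010-2299"], 6: ["j.alvarez@example.org"],
    7: ["123-45-6789"], 8: ["SVHS-0012345"], 9: ["BEN-77-Q19"],
    13: ["SN:DX-99881"], 15: ["203.0.113.7"],
}


def audit(detectors, record, labels):
    """Return ({category: recall} for labelled categories,
    [categories with neither a detector nor a labelled value])."""
    recall = {}
    for cat, values in labels.items():
        pattern = detectors.get(cat)
        hits = {m.group(0) for m in re.finditer(pattern, record)} if pattern else set()
        recall[cat] = sum(1 for v in values if v in hits) / len(values)
    unaudited = sorted(c for c in CATEGORY_NAMES if c not in labels and c not in detectors)
    return recall, unaudited


def silent_gaps(recall):
    """Categories where labelled PHI exists but recall is below 100%."""
    return sorted(cat for cat, r in recall.items() if r < 1.0)


def report(detectors):
    recall, unaudited = audit(detectors, RECORD, LABELS)
    for cat in sorted(recall):
        print(f"{cat:>2} {CATEGORY_NAMES[cat]:<40} recall={recall[cat]:.0%}")
    print("silent gaps:", [CATEGORY_NAMES[c] for c in silent_gaps(recall)])
    print("not exercised by this record:", unaudited)


if __name__ == "__main__":
    print("== generic tool ==");  report(GENERIC_DETECTORS)
    print("== with HIPAA preset ==");  report(PRESET_DETECTORS)
```

The "not exercised" list is the output to act on: a passing run says nothing about categories 2, 3, 5, 10, 11, 12, 14, 16, 17 and 18 until the labelled set contains real values for them.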

For the full framework, see our HIPAA compliance overview.

Conclusion

Safe Harbor requires removing all 18 categories. Generic tools cover far fewer. The identifiers with no uniform format, MRNs, beneficiary codes and device serial numbers, are exactly the blind spot of generic tools. AI-assisted custom entities close those gaps without code or manual review.

References

  • HHS: HIPAA Safe Harbor, 45 CFR § 164.514 — hhs.gov (verified)
  • Shaip: Types of PHI identifiers in healthcare de-identification — shaip.com (verified)
  • HHS OCR: De-identification guidance, 2024 update — hhs.gov (verified)
