Session note de-identification is the removal of identifying data from a therapist's free text. 42 CFR Part 2 guards substance use detail tightly. anonym.plus does this on your own device, and the prose stays readable.
When this applies
You want to share a case for supervision or teaching. The file names the client, a spouse, and an employer. Each one must be hidden first.
How anonym.plus handles it
- Open the file in anonym.plus on your own computer.
- Local OCR reads any scanned page, so typed text is caught too.
- It flags client names, dates, and any third party mentioned.
- Review each match and clear a clinical term caught in error.
- Replace each tag with a safe label, or black it out.
- Save the clean copy. The first version never leaves your machine.
What you need to provide
- The file (PDF, DOCX, TXT, or image scan).
- An operator: Replace (swap), Redact (remove), or Mask (partial).
- Optional: a key map if you must re-link cases later.
PHI entity types detected
| Category | anonym.plus entity type | Example |
|---|---|---|
| Client name | PERSON | Daniel Ortiz → [CLIENT_1] |
| Session date | DATE_TIME | Seen 04/02/2026 → [DATE] |
| Spouse named | PERSON | wife Karen → [FAMILY_1] |
| Employer | ORGANIZATION | Atlas Logistics → [EMPLOYER] |
| Phone | PHONE_NUMBER | (312) 555 0173 → [PHONE] |
| Record ID | MEDICAL_RECORD_NUMBER | MRN 55218 → [MRN] |
Compliance achieved
- Strips identifiers in SUD text for 42 CFR Part 2.
- Runs offline, so the tool itself needs no BAA.
- Working files are sealed with AES-256-GCM.
- Also covers GDPR Art. 9 health data for EU clients.
Anonymize therapy session notes offline — see plans & start free →
Limitations & cautions
Part 2 limits who may see the data and how it may be re-shared. The tool removes named identifiers from the text. You still judge rare free-text clues that could point back to one person.
Frequently asked questions
Why is 42 CFR Part 2 stricter than HIPAA?
It guards federally assisted substance use treatment data. It limits redisclosure and usually needs written consent, even where HIPAA would allow a use. So the bar is higher.
Does this need a BAA?
No. The app runs on your own device with no cloud step. No outside party touches the data, so the tool itself needs no BAA.
Are family members hidden too?
Yes. A named spouse, parent, or employer is an identifier. The tool flags each one so a reader cannot trace the client through a relative or workplace.