Internal Audit Dataset De-Identification with anonym.plus

Healthcare Solution · Hospital Administration · HIPAA Safe Harbor (45 CFR §164.514(b))

Audit-dataset de-identification is the removal of all 18 HIPAA Safe Harbor IDs (45 CFR §164.514(b)) from a compliance extract. anonym.plus runs on your own device. The findings stay testable, but the rows no longer name patients or staff.

When this applies

A compliance team samples charts and access entries to test a control. The sample names patients and the workers who touched each chart, and that must come out.

How anonym.plus handles it

1. Point anonym.plus at the sample on your server.
2. It scans ID columns and any free-text fields.
3. Steady labels keep links across joined rows.
4. Review the summary and adjust the column rules.
5. Swap each ID, shifting dates to keep the gaps.
6. Save the clean sample. Source rows stay local.

What you need to provide

• The sample (CSV, JSON, or a file bundle).
• A column map for known ID fields.
• Replace with a steady map to keep joins.

PHI entity types detected

Compliance achieved

• Strips all 18 ID classes for HIPAA Safe Harbor (45 CFR §164.514(b)).
• Runs offline, so the tool itself needs no BAA.
• Keeps row links steady, so the control stays testable.

Limitations & cautions

A compliance sample mixes tidy columns with note fields. The columns are easy to map; notes need the same care as any chart. Test a small slice first, and confirm that date-shifting keeps the gaps your test relies on.