Pharmacy-claims de-identification is the removal of all 18 HIPAA Safe Harbor IDs (45 CFR §164.514(b)) from a claims extract. anonym.plus does this locally. The fill and cost fields stay; the data no longer names the member.
When this applies
A claims extract ties many fills to one named member with a plan number. For analytics, you strip the IDs but keep the medicine, cost, and fill timing.
How anonym.plus handles it
- Point anonym.plus at the extract on your device.
- It scans ID columns and any free-text notes.
- Member names, plan numbers, and dates get flagged.
- Confirm the flags; the medicine and cost stay as non-IDs.
- Swap IDs with a steady map to keep row joins.
- Save the clean dataset; the source stays on your machine.
What you need to provide
- The extract as CSV, JSON, or a bundle of files.
- A column map for member and plan ID fields.
- Replace with a steady map to keep table joins.
PHI entity types detected
| Category | anonym.plus entity type | Example |
|---|---|---|
| Names | PERSON | member_name → [MEMBER_n] |
| Identifiers | NATIONAL_ID | plan no. → [PLAN_ID] |
| Dates | DATE_TIME | fill_date → shifted [DATE] |
| Record IDs | MEDICAL_RECORD_NUMBER | claim no. → [CLAIM_ID] |
| Location | LOCATION | zip field → [ZIP] |
| Identifiers | US_SSN | ssn field → [ID] |
Compliance achieved
- Strips all 18 ID classes for HIPAA Safe Harbor (45 CFR §164.514(b)).
- Keeps the fill and cost fields, which are not member IDs.
- Offline work means the tool needs no BAA.
Anonymize pharmacy claims offline — see plans & start free →
Limitations & cautions
A full zip is a Safe Harbor identifier; cut it to the first three digits where the rule allows. The medicine and cost stay. Test a sample before a full run, and check that date-shift keeps the gaps your analysis needs.
Frequently asked questions
Can claims stay linkable after the swap?
Yes. A steady label map swaps each ID the same way, so rows for one member still join while no real identity is left.
Are the medicine and cost fields kept?
Yes. They are not member identifiers, so they stay. Only the 18 ID types are removed.
Why work locally rather than in the cloud?
Sending raw claims to a cloud tool is itself a disclosure with breach risk. Local work skips that risk; the data stays on your device.