PHI Detection
Scrub automatically detects Protected Health Information (PHI) in your API requests to help maintain HIPAA compliance.
What is PHI?
Protected Health Information (PHI) is any health-related information that can be used to identify an individual. Under HIPAA, there are 18 types of identifiers that qualify as PHI when combined with health information.
How Detection Works
When you send a request to Scrub:
1. Content is scanned - All message content is analyzed for PHI patterns
2. Matches are identified - Any detected PHI is flagged with its type
3. Action is taken - Based on your settings, PHI is flagged, blocked, redacted, or masked
4. Request proceeds - Unless the request was blocked, the resulting content is forwarded to your AI provider
5. Audit log created - Detection results are logged for compliance
Detection Coverage
Scrub currently detects 20+ PHI patterns including:
- Social Security Numbers
- Medical Record Numbers (MRN)
- Dates of Birth
- Phone Numbers
- Email Addresses
- Physical Addresses
- Medicare/Medicaid IDs
- And more...
See PHI Patterns for the complete list.
Handling Modes
You can configure how Scrub handles detected PHI:
| Mode | Description |
|---|---|
| Flag/Audit | Detect and log PHI, but allow the request to proceed (default) |
| Block | Reject requests containing PHI |
| Redact | Remove PHI from content before forwarding |
| Mask | Replace PHI with placeholder tokens |
See Handling Modes for details on each mode.
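
The four handling modes in the table above, as an added Python sketch (not Scrub's own code). The three regexes, the `[TYPE]` placeholder format, and the shape of the audit entry are assumptions made for illustration.

```python
import re

# Illustrative patterns only (assumptions); Scrub's actual pattern set
# is not shown on this page.
PATTERNS = {
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "PHONE": re.compile(r"\b\d{3}-\d{3}-\d{4}\b"),
}
MODES = ("flag", "block", "redact", "mask")
# Constructed sample input, not real patient data.
SAMPLE = "Patient SSN 123-45-6789, reach at jane.doe@example.com or 555-010-1234."


def detect(text):
    """Return non-overlapping findings as (start, end, type), in text order."""
    hits = sorted(
        (m.start(), m.end(), kind)
        for kind, rx in PATTERNS.items()
        for m in rx.finditer(text)
    )
    findings, last_end = [], 0
    for start, end, kind in hits:
        if start >= last_end:  # keep the earliest match when two overlap
            findings.append((start, end, kind))
            last_end = end
    return findings


def handle(text, mode="flag"):
    """Apply one handling mode; returns (text_to_forward_or_None, audit_entry)."""
    if mode not in MODES:
        raise ValueError(f"unknown mode: {mode}")
    findings = detect(text)
    # The audit entry records types and offsets only, never the matched values.
    audit = {"mode": mode, "findings": [(k, s, e) for s, e, k in findings]}
    if mode == "flag" or not findings:
        return text, audit   # logged, forwarded unchanged
    if mode == "block":
        return None, audit   # nothing is forwarded to the provider
    out, pos = [], 0
    for start, end, kind in findings:
        out.append(text[pos:start])
        if mode == "mask":
            out.append(f"[{kind}]")  # mask: placeholder; redact: nothing
        pos = end
    out.append(text[pos:])
    return "".join(out), audit
```

In this sketch, redact leaves gaps where the values were, while mask keeps the sentence readable for the downstream model by naming the type of value that was removed.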
Configuration
Configure PHI handling in your Dashboard Settings:
1. Go to Settings
2. Find PHI Handling Mode
3. Select your preferred mode
4. Save changes
Changes take effect immediately for all new requests.