HIPAA PHI Detector
The hipaa-phi-detector policy is a text-focused PHI safeguard for the Keeptrusts gateway. It evaluates request messages before the upstream call and, when the policy is present in the chain, also enables buffered response redaction for matching output text. The detector uses the base PII engine plus HIPAA-oriented heuristics such as names, addresses, fax numbers, medical record numbers, health-plan identifiers, license or certificate numbers, device identifiers, and text mentions of biometric or photo identifiers.
Configuration
pack:
name: hipaa-phi-detector
version: "1.0.0"
enabled: true
policies:
chain:
- hipaa-phi-detector
policy:
hipaa-phi-detector:
action: redact
mode: hipaa_18
safe_harbor_method: true
Fields
| Field | Type | Description | Default |
|---|---|---|---|
action | "redact" | "block" | Request-phase behavior when the detector finds PHI-like content. redact returns a redaction verdict and enables response redaction in the shared output pipeline. block blocks the request on input, but output handling still uses buffered redaction rather than a hard output block. | "redact" |
mode | string | Accepted compatibility field. The gateway currently only recognizes hipaa_18, and the value does not change detection behavior today. | "hipaa_18" |
safe_harbor_method | boolean | Accepted compatibility field. The current detector reads the flag but does not change matching logic based on it. | true |
What the detector actually covers
The detector is heuristic and text-only. It combines the base PII detector with HIPAA-oriented matching rules.
Base PII engine
The shared detector contributes matches for items such as:
- email addresses
- Social Security numbers
- phone numbers
- public IP addresses
- URLs with specific paths or query strings
- dates
- account numbers
- ZIP codes
- license plates
HIPAA-oriented extensions
When the HIPAA detector is active, the gateway also looks for:
- person names
- street addresses and city mentions
- fax numbers
- medical record numbers
- health-plan or policy identifiers
- certificate and driver's license numbers
- device identifiers and serial numbers
- text mentions of biometric identifiers
- text mentions of photos or facial images
How it works
- Request evaluation: the gateway joins request messages and evaluates
hipaa-phi-detectorduring the input phase. - Detection: the gateway combines the general PII detector with HIPAA-specific heuristics.
- Input verdict: if a match is found,
action: redactproduces a redaction verdict andaction: blockproduces a block verdict. - Response redaction: when the policy is in the chain, the gateway also enables buffered output redaction for matching response text. That output path uses the shared redaction pipeline.
- Audit details: the decision event records the first matched kind, reason code, confidence counts, and the redaction targets.
Important limitations
- This policy is not a formal HIPAA Safe Harbor certification engine.
modeandsafe_harbor_methodare accepted for forward compatibility, but they do not change matching behavior today.- Detection is text-focused. Image files, voice samples, and non-text artifacts are not inspected by this policy.
Valid examples
Redact matching PHI-like content
pack:
name: hipaa-redaction
version: "1.0.0"
enabled: true
policies:
chain:
- hipaa-phi-detector
policy:
hipaa-phi-detector:
action: redact
mode: hipaa_18
safe_harbor_method: true
Block PHI-like input before it reaches the model
pack:
name: hipaa-block
version: "1.0.0"
enabled: true
policies:
chain:
- hipaa-phi-detector
policy:
hipaa-phi-detector:
action: block
mode: hipaa_18
safe_harbor_method: true
Best practices
- Use
action: redactwhen you want the gateway to sanitize content instead of rejecting the turn. - Pair
hipaa-phi-detectorwithhealthcare-compliancewhen you need both PHI protection and medical-content controls. - Use
rbacfor minimum-necessary access rules; the HIPAA detector only finds PHI-like text, it does not authorize access. - Validate with representative PHI test strings and inspect emitted events before rollout.
Next steps
- PII Detector — Shared redaction controls and general PII detection
- Healthcare Compliance — Medical-output governance
- Human Oversight — Escalate sensitive outputs for review
- RBAC — Role, identity, and sensitivity-based access control