A radiology report needs to be sent to a research collaborator. The clinical content is what matters; the patient's medical record number is just a leak waiting to happen. Redact before forwarding.
Why MRNs need redaction
A Medical Record Number (MRN) is the unique identifier linking a document to a patient within a healthcare provider's system. Combined with a name or date, it's enough to look up the patient's full record in many systems.
Under HIPAA, MRNs are explicitly listed as one of the 18 identifiers that make health data 'Protected Health Information'. Removing them is a step toward 'de-identification' under the Safe Harbor method.
The 18 HIPAA identifiers
HIPAA's Safe Harbor method requires removal of:
- Names - Geographic subdivisions smaller than state - All dates except year - Telephone numbers - Fax numbers - Email addresses - Social Security numbers - Medical record numbers - Health plan beneficiary numbers - Account numbers - Certificate/license numbers - Vehicle identifiers - Device identifiers - URLs - IP addresses - Biometric identifiers - Full-face photographs - Any other unique identifying number or code
For a fully de-identified document, all of these need to go.
How to redact in Flint
Open the medical PDF in Flint's redaction tool. Mark each instance of the MRN, patient name, dates and other HIPAA identifiers. Flint removes the underlying text and image data.
For multi-page reports, redact every page. MRNs commonly appear in headers, footers and audit lines as well as the main report. Verify by select-and-copy after redacting.
Beyond redaction
For research data sharing, consider whether you need to send the document at all — could a summary or anonymised dataset serve the purpose? Where the full document is needed, combine redaction with encryption (Flint's password tool) and a secure transmission channel.
For HIPAA-covered entities, document the Safe Harbor or Expert Determination process used to de-identify. Audit trail matters as much as the redaction itself.
FAQ
Is partial redaction (last four of MRN) acceptable?
Under HIPAA Safe Harbor, no — MRN must be removed entirely. Under Expert Determination, partial may be acceptable with statistical analysis.
What about visit numbers and account numbers?
Same category — all healthcare identifiers must be removed for full de-identification.
Can I just leave the patient's first initial?
No. Initials plus other context can re-identify. Remove names entirely under Safe Harbor.
Does this apply outside the US?
GDPR, UK DPA and equivalents treat health data as special-category data. Similar principle: minimise identifiers before any sharing.
Medical PDFs need careful redaction every time. Use Flint and document your process for HIPAA defence.