Why Every Hospital's Medical Record Numbers Are Different — and What That Means for HIPAA Compliance
"HIPAA De-identification Without a Regex PhD: How AI-Assisted Pattern Creation Democratizes Custom PII Detection" — Hook: Your hospital's Medical Record...
Feature: Custom Entity Creation · Region: US (HIPAA), EU (GDPR) · Source: anonym.community research
The Problem
Healthcare networks with multiple facilities face a custom entity detection problem: each facility has its own MRN format created independently over decades. Memorial Hospital uses "MRN:XXXXXXX" (7-digit), St. Mary's uses "PT-YYYYY" (5-digit with prefix), University Hospital uses "UHN-XXXXXXXXXX" (10-character alphanumeric). HIPAA's Safe Harbor de-identification method requires removing all 18 PHI identifiers including "account numbers" — which includes all MRN formats. Generic tools miss 100% of facility-specific MRNs. Building custom Presidio recognizers requires Python expertise: understanding PatternRecognizer, YAML configuration, context words, score thresholds, and regular expression syntax. A ServiceNow community thread specifically documents this pain point for healthcare IT teams attempting to identify PHI/PII from HR work notes.
Key Data Points
- Memorial Hospital uses "MRN:XXXXXXX" (7-digit), St.
- Mary's uses "PT-YYYYY" (5-digit with prefix), University Hospital uses "UHN-XXXXXXXXXX" (10-character alphanumeric).
- HIPAA's Safe Harbor de-identification method requires removing all 18 PHI identifiers including "account numbers" — which includes all MRN formats.
How anonym.digital Addresses This
The AI-assisted pattern helper accepts plain-language examples ("These look like MRN numbers: MRN:1234567, MRN:9876543") and generates the appropriate regex pattern. The visual regex builder allows refinement. The test interface validates against sample text. Patterns are saved as named custom entities and can be shared across the team with Basic+ plans.