Redacta

Pseudonymise medical text before it is processed by AI or shared: replace patient

identifiers with labelled tokens ([PATIENT_NAME_1], [NHS_NUMBER_1],

[DATE_OF_BIRTH_1], ...) while leaving the clinical meaning untouched. Return the

redacted document plus a redaction report.

Redacta works in two layers:

• Layer 1 — patterns (deterministic). Fixed-format identifiers, matched by a

bundled script: NHS numbers (Modulus-11 validated), UK National Insurance

numbers, dates of birth, UK postcodes, phone numbers, emails, hospital/MRN

numbers. (US SSN and ZIP codes are also handled.)

• Layer 2 — reasoning (your judgement). Identifiers that do not follow a fixed

pattern: patient names, postal addresses and identifying ages. This is where you

read context and tell a patient apart from the clinician treating them.

Workflow

Copy this checklist and tick items off as you go:

Redaction progress:
- [ ] 1. Save the source text to a file
- [ ] 2. Run the pattern layer (scripts/redact_structured.py)
- [ ] 3. Apply the reasoning layer (names, addresses, ages)
- [ ] 4. Assemble the pseudonymised document (formatting preserved)
- [ ] 5. Self-check the output for residual identifiers
- [ ] 6. Write the redaction report
- [ ] 7. Add the limits note

1–2. Pattern layer

Write the user's text verbatim to a temp file, then run the script (execute

it — do not read it into context):

python3 scripts/redact_structured.py /tmp/redacta_input.txt

It prints JSON with redacted_text, report (count of distinct values per type)

and token_map (token → original value, for review and re-identification). Carry

redacted_text forward into Layer 2. The script uses the Python 3 standard

library only and makes no network calls.

3. Reasoning layer

Read redacted_text and pseudonymise what the patterns cannot:

• Patient names → [PATIENT_NAME_n]. Redact the patient and any relatives or

carers named. Keep the names of treating clinicians, GPs, and institutions

(hospital, ward, practice) by default — they carry meaning and are not the data

subject. If the user asks for full de-identification, also redact those as

[CLINICIAN_NAME_n] and [ORG_NAME_n].

• Postal addresses → [ADDRESS_n]. Any postcode inside the address is already

a token from Layer 1.

• Identifying ages → [AGE_n]. Redact specific ages ("a 73-year-old woman").

Leave non-identifying bands ("elderly", "in her 70s") unless the user wants them

removed.

• Same value → same token. Reuse a token for every occurrence of the same

value; give different values new numbers. Continue numbering alongside the tokens

already in token_map.

• When unsure, redact. Prefer removing a possible identifier over leaving it.

If the user asked for HIPAA Safe Harbor de-identification, also apply the

stricter rules in Safe Harbor mode at this step —

most importantly, redact all dates and ages, not just the date of birth.

See reference.md for disambiguation heuristics and the full token

vocabulary.

4. Assemble

Reproduce the document exactly — same line breaks, headings and layout — changing

only the identifiers. Never alter clinical content (findings, medications, doses,

results, dates of appointments or procedures).

5. Self-check

Before finalising, re-read the assembled document as if you were an auditor and

look for anything that still identifies a person:

• Numbers that look like an NHS number, phone, MRN, account or reference but were

not tokenised.

• A name, relative, carer or place name you passed over — especially mid-sentence

("…lives with her sister Joan…", "…transferred from St Elsewhere…").

• A specific age, postcode fragment, email, URL or date of birth.

If you find anything, tokenise it and update the report. A clean self-check is not

a guarantee — it is a second pass, not a proof. Treat it as the moment to catch

what Layers 1 and 2 missed.

6. Report

End with a short, human-readable report, for example:

> Redaction report: 5 identifiers pseudonymised — 1 patient name, 1 date of

> birth, 1 age, 1 NHS number, 1 address. Clinical content preserved.

If the user may need to reverse the process, also offer the token map as a table

(token | original value). Treat that table as the key that undoes the

pseudonymisation — include it only where the user wants it, and never alongside the

redacted text if the point was to keep identifiers separate.

7. Limits note

Always include this note:

> Redacta is a strong first line of defence, not a guarantee. It will not catch

> every possible identifier and is not a substitute for formal data-protection

> processes. Review the report before sharing the text.

Re-identification (reversing the redaction)

When the user has run the redacted text through another tool and wants the real

values put back, use the token map with the bundled script (execute it — do not

read it into context):

python3 scripts/reinstate.py redacted_or_ai_output.txt --map token_map.json

token_map.json may be either a bare map ({"[NHS_NUMBER_1]": "943 476 5919"})

or the full JSON object printed by redact_structured.py — both work. The script

swaps every token back to its original value and prints {text, changed}; add

--text-only for just the restored text. It is standard-library only and makes no

network calls.

This completes the round trip: redact → process/share → re-identify, with the

real identifiers only ever present locally. The token map is the key that reverses

the pseudonymisation — handle and store it with the same care as the original data.

Safe Harbor mode (US HIPAA)

If the user asks for HIPAA Safe Harbor de-identification — or "US

de-identification", "Safe Harbor", or "remove all 18 HIPAA identifiers" — apply a

stricter pass on top of the normal workflow:

• All dates, not just the date of birth. Remove every date that relates to the

individual — birth, admission, discharge, appointment, procedure, sample,

death — as [DATE_n] (or [DATE_OF_BIRTH_n] for the DOB). This overrides

the usual rule that keeps appointment and clinical dates. You may keep the bare

year if the user asks, since Safe Harbor permits the year alone.

• All specific ages → [AGE_n]. Ages of 90 or older must be removed and

aggregated (treat "92" and "almost 90" alike); do not leave a redactable age.

• The remaining HIPAA identifier types beyond what the pattern layer catches:

fax numbers [FAX_n], certificate/licence numbers [LICENSE_n], device

identifiers and serial numbers [DEVICE_ID_n], vehicle identifiers / VINs

[VIN_n], health-plan beneficiary numbers [HEALTH_PLAN_NUMBER_n], and any

other unique identifying number, characteristic or code.

• Biometric identifiers and full-face photographs are out of scope for a text

tool — flag them if referenced, but they cannot be removed from text alone.

Everything else (names, relatives, addresses, NHS/NI/SSN/MRN, emails, phones,

URLs, IP addresses, postcodes/ZIP) is already handled by the standard layers. Note

in the report that Safe Harbor mode was applied, and keep the limits note: the

Safe Harbor method still assumes no actual knowledge that the residual information

could re-identify the individual.

Notes

• All processing happens in this session: the script makes no network calls and

sends your text to no third-party service. Your text is of course visible to the

assistant running this skill — the purpose of Redacta is to produce output that

is safe to pass on to other tools, services or storage.

• Redacta is UK-focused (NHS, NI, UK postcodes) and also handles emails,

international phone numbers, and US SSN/ZIP codes.

• The Modulus-11 algorithm, the date-of-birth vs clinical-date rule, NI prefix

rules, the full token list and known limitations are documented in

reference.md.