search

PII & PHI anonymization

hashtag
PII & PHI anonymization

When it comes to qualitative feedback ingestion, anonymizing PII and sensitive information is a key step to keep your data pipeline secure and privacy compliant.

Any personally identifiable information (PII) or sensitive information that could identify individuals is therefore removed and securely discarded.

This includes:

  • Personal numbers or codes such as a United States Social Security Number, driver's license, or any document from other countries.

  • A person's full name or first name.

  • A person's phone number.

  • A person's email address.

  • A person's address, location, or city.

  • Any credit card, bank account information, or passwords.

By design, the Birdie solution does not rely on PII or sensitive information to work, therefore, all native connectors in Birdie are created to import only anonymized structured columns. It means, instead of importing user names and emails from your support ticket platform, Birdie connectors will only import user_ids to match the records.

More than structured columns, there may be PII or sensitive information within qualitative fields. In cases like that, there are two different directions to follow:

1

hashtag
PII & PHI anonymization handled by Birdie — PII & PHI never gets stored in Birdie's servers

integration flow

  • In this scenario, Birdie will handle PII anonymization within the initial step of data pipeline in GCP region: us-central-1.

  • Our anonymization process employs a hybrid system combining rigid pattern detection with an AI-based entity recognition model. This means that we have two layers of pattern matching for specific IDs to successfully remove most PIIs.

  • Any sensitive pattern such as: names, emails, addresses, card numbers, document ids will be [REDACTED] to indicate the change in the original content.

  • PII anonymization is activated for all clients, ensuring that all incoming open-text fields (ticket comments, survey responses, call transcripts) will get checked and processed before Birdie stores any raw data in our servers.

  • This option can be used with any ingestion method (native connectors, S3 bucket, Birdie Rest API or CSV uploads). However, there is the need to send open PII to be anonymized.

circle-info

Note: For clients in Brazil, in compliance with the Lei Geral de Proteção de Dados (LGPD), this ingestion step runs in GCP region: southamerica-east-1 prior to final persistence at the global index in GCP region: us-central-1, Iowa. For clients outside Brazil, the whole process will remain running at our main infrastructure in the United States, GCP region: us-central-1, Iowa.

2

hashtag
PII & PHI anonymization handled by Company — PII & PHI never reaches any of Birdie's services

integration flow

  • In this scenario, your company handles PII anonymization within your local infrastructure, running PII redaction scripts to replace names, emails, addresses, document IDs and whatever is considered sensitive by regulations in your industry/business.

  • To help running that task internally, we offer Birdie AI Anonymizerarrow-up-right project, available in the Google Cloud Marketplace

  • Once anonymized, data integration can be done via S3 bucket (parquet file) or Birdie Rest API:

    • https://birdie-ai.atlassian.net/servicedesk/customer/portal/1/topic/2827db13-a139-4b1b-b20f-c7890851164f/article/7077904

    • Birdie AI Anonymizer

    • Ingestion API

  • By using this approach, your company makes sure Birdie never receives any PII or sensitive information.

chevron-rightTypes of PII/PHI currently anonymized by Birdie (expand to view full list)hashtag

Personal Identifiers

  • Names (including doctor names)

  • NINs (National Identification Numbers)

  • Driver's License Numbers

  • Passport Numbers

  • Patient Account Numbers

  • Birth Dates

  • Admission/Discharge Dates

  • Vehicle Identifiers

  • Device Serial Numbers

  • URLs and IP Addresses

  • Biometric Identifiers

  • Voter Card IDs

  • Taxpayer Identification Numbers (TINs)

Contact Information

  • Phone Numbers (including fax)

  • Email Addresses

  • Physical Addresses

  • ZIP Codes

  • Certificate/License Numbers

Financial Information

  • Credit Card Numbers

  • Bank Account Numbers

  • Insurance Policy Numbers

  • Payment Details

Healthcare Identifiers

  • Medical Record Numbers (MRN)

  • Insurance IDs and Group Numbers

  • Medicare/Medicaid Numbers

  • DEA Numbers

  • NPI (National Provider Identifier)

  • Health Plan Beneficiary Numbers

  • Device Identifiers and Serial Numbers

  • Laboratory Numbers

Clinical Information

  • Diagnosis Codes (ICD-10)

  • Procedure Codes (CPT)

  • Medication NDC Codes

  • Test Results

  • Treatment Dates

  • Appointment Details

PreviousSecurity & Data Protection OverviewNextSSO Integration and IP filter

Last updated