v0.1.1 — HIPAA §164.514(c) Surrogate Code Model

What's new in v0.1.1

The core change: §164.514(c) statutory grounding

phi-redactor now explicitly implements the HIPAA §164.514(c) surrogate code provision — the statutory basis that permits exactly what phi-redactor does:

Synthetic tokens are not derived from information about the individual and cannot be translated back without a separately secured key.

That is the architecture. That is the law. They match.

Compliance report upgrades

• New generate_attestation() method produces a full §164.514(c) attestation document with both statutory requirements evidenced
• New surrogate_code_164_514_c compliance check in every report — passes by architecture
• expert_determination_ready: true in all report metadata
• Expert Determination pathway brief included for statistician engagements

Documentation

• README leads with cryptographic privacy guarantee and §164.514(c) positioning
• Removed misleading Safe Harbor badge
• Added Compliance Posture section with comparison table vs Safe Harbor
• SECURITY.md updated to accurately describe surrogate code architecture

The one-line pitch

The LLM gets a fictional patient. Your vault keeps the truth.

---

Full changelog: CHANGELOG.md

v0.1.0 — Initial Release

phi-redactor v0.1.0

HIPAA-native PHI redaction proxy for AI/LLM interactions.

Highlights

• 18 HIPAA identifiers detected via Presidio + spaCy
• Semantic masking with deterministic, identity-preserving fake data
• Encrypted vault (Fernet) with session isolation
• Tamper-evident audit trail with SHA-256 hash chains
• FastAPI reverse proxy for Anthropic and OpenAI
• Streaming support with real-time re-identification
• CLI for session management, vault stats, Safe Harbor reports
• Real-time dashboard for monitoring
• FHIR R4 / HL7v2 recognizers via plugin system

Install

pip install phi-redactor

Full documentation: README