Skip to content
reaatech

Configurable PII redaction at ingress and egress for HIPAA, GDPR, and PCI compliance

Automatically strip PII from every LLM call and response, configurable per regulation.

The problem

A 10-person health-tech startup is building a clinical decision support agent. They handle PHI and need to ensure no protected health information leaks to the LLM or appears in responses. Manual redaction is error-prone and doesn't scale. They need an automated pipeline that redacts PII at both ingress (before sending to the LLM) and egress (before showing to the user), with configurable rules for HIPAA, GDPR, or PCI. The solution must be auditable and not slow down responses.

Example artifact

A complete, working implementation of this recipe — downloadable as a zip or browsable file by file. Generated by our build pipeline; tested with full coverage before publishing.

153 kB·125 tests·98.6% coverage·vitest passing

SHA-25664d43d175afd8ff87662ca3663a800df2f7d04e4e51f5a76d9ea43043d19d5c4

Comments

Sign in with GitHub to comment and vote.

Loading comments…