De-Identification Solutions


Next Steps
Overview Anonymize ASCII De-ID Encode Encrypt Mask Randomize Manipulate


De-identification refers to processes that disassociate personally identifiable information (PII) within protected health information (PHI) repositories and other "data at risk."

PHI de-identification is a specific requirement in the healthcare industry, where for example, it is used in both "safe harbor" and "expert determination method" practices in medical research (to remove patient identities from study models). De-identification is also a blanket term referring to the anonymization or masking of PII in many other industries.

The most recent Security Rule in HIPAA regulations (45 CFR Parts 160 and 164) spell out the compliance requirements for those entities managing PHI. HIPAA rules apply to 18 specific identifiers:

Phone #
Fax #
Email Address
Social Security #
Medical Record #
Health Insurance Beneficiary #
Account #
Certificate #
Vehicle ID #
Device ID #
Personal URL
IP Address
Biometric ID
Facial Image
Other Unique ID Code

Each of the data masking software products in the IRI Data Protector suite helps you find and classify, and then protect PII, PAN, PHI, etc. in multiple data sources for Safe Harbor rule compliance. They also work hand-in-hand with free, advanced re-ID risk scoring technology for compliance with the Expert Determination Method rule.

Which Data Masking Tool Should I Use?


Proven data-centric security products in the IRI Data Protector suite can find, classify, and selectively obfuscate data with irreversible or reversible masking functions, including those above, plus encryption.

Use the IRI FieldShield product (or IRI Voracity platform which includes it) to protect data in files or databases at rest. Use IRI CellShield for PHI in Excel spreadsheets. Use the IRI Chakra Max database firewall (DAM/DCAP) to dynamically mask PHI in database applications.

If you need fake but realistic PHI for testing purposes, use IRI RowGen to synthesize structurally and referentially correct test data for databases and files. RowGen is also included in Voracity.

Which Data Masking Function Should I Use?


IRI provides 12 different categories of data de-identification functions in the IRI FieldShield product or the larger IRI Voracity platform around it. It may seem initially difficult to choose the right kind of security for your applications and compliance goals, but once you starting looking at the options and your data, it\'ll get easier. Scan across the tabs above, or check out our blog article on common decision criteria to help you select the "right shield for every field."

Read Now


HIPAA compliance requires either:


Manipulating, masking, or removing these identifiers so that it is difficult or impossible to restore the original data. Any remaining data cannot be linked to an individual.



Stripping the identifiers, and providing expert verification that the statistical risk of re-identification is low.

Use IRI software yourself, employ IRI Data Masking as a Service (IRI DMaaS), leverage external or embedded re-ID risk scoring technology, and/or work with expert IRI partners like KI Design to help you de-identify sensitive data and comply with data privacy regulations.

Systematically analyze covered entity gaps, apply the right de-ID functions using IRI software, and certify the statistical likelihood of re-identifiability for HIPAA and HITRUST certification purposes.

Learn more about HIPAA and IRI encryption methods here:

Click on the tabs above or expand the solution links on the left to explore more data masking methods.

Request More Information

Live Chat

* indicates a required field.
IRI does NOT share your information.