Skip to content
SDK Documentation

PHI Anonymization

PHI Anonymization

The Klira SDK can automatically detect and anonymize Protected Health Information (PHI) in trace data before it is exported. This ensures compliance with HIPAA and other healthcare data privacy regulations while maintaining useful observability.

Configuring Anonymization

Set the anonymization parameter on Klira.init() to enable PHI anonymization:

from klira.sdk import Klira


Klira.init(
    app_name="HealthcareApp",
    api_key="klira_live_your_key",
    anonymization="redact",
)

Anonymization Strategies

StrategyDescriptionExample InputExample Output
"redact"Removes PHI entirely"Patient John Smith, DOB 01/15/1980""Patient [REDACTED], DOB [REDACTED]"
"mask"Replaces with asterisks"SSN: 123-45-6789""SSN: ***-**-****"
"replace"Substitutes with synthetic values"Dr. Jane Doe""Dr. [PERSON_1]"
"hash"One-way hash of the value"patient_12345""a1b2c3d4..."

When to Use Each Strategy

  • "redact" — Maximum privacy. Use when PHI should never leave the system.
  • "mask" — Preserves data format for debugging while hiding values.
  • "replace" — Maintains referential consistency across spans (same input produces same placeholder).
  • "hash" — Enables correlation across traces without exposing PHI.

PHI Scanner

For advanced PHI detection, install the anonymization extra:

Terminal window
pip install klira[anonymization]

This provides the PhiScanner class, which uses NER models to detect PHI entities in text:

from klira.sdk.healthcare import PhiScanner


scanner = PhiScanner()
result = scanner.scan("Patient John Smith, DOB 01/15/1980, MRN 12345")


for entity in result.entities:
    print(f"{entity.type}: {entity.text} (confidence: {entity.confidence:.2f})")

Detected PHI Entity Types

Entity TypeExamples
PERSONPatient names, provider names
DATEDates of birth, admission dates
IDMedical record numbers, SSNs
LOCATIONAddresses, facility names
PHONEPhone numbers, fax numbers
EMAILEmail addresses

Exporting Entity Details

By default, the SDK only exports anonymized text. To include metadata about detected entities (type, position, confidence) in trace attributes, enable phi_export_entity_details:

Klira.init(
    app_name="HealthcareApp",
    api_key="klira_live_your_key",
    anonymization="redact",
    phi_export_entity_details=True,
)

When enabled, each span containing PHI will include:

  • klira.phi.entity_count — Number of PHI entities detected
  • klira.phi.entity_types — List of entity types found (e.g., ["PERSON", "DATE"])

Integration with Guardrails

PHI anonymization works alongside guardrails. When both are enabled:

  1. Input guardrails run first on the original text
  2. PHI anonymization is applied to span attributes before export
  3. Output guardrails can detect and block PHI in AI responses
from klira.sdk import Klira
from klira.sdk.decorators import workflow, guardrails


Klira.init(
    app_name="SecureHealthcareBot",
    api_key="klira_live_your_key",
    anonymization="redact",
    clinical_domain="general_medicine",
)


@workflow(name="patient_chat", user_id="clinician_001")
@guardrails(domain="healthcare", check_output=True)
async def patient_chat(message: str) -> str:
    # Guardrails check the message against healthcare policies
    # PHI in trace spans is automatically redacted before export
    return await generate_clinical_response(message)

Complete Working Example

from klira.sdk import Klira
from klira.sdk.decorators import workflow
from klira.sdk.healthcare import set_patient_context, set_clinical_context


Klira.init(
    app_name="PHICompliantApp",
    api_key="klira_live_your_key",
    anonymization="replace",
    phi_export_entity_details=True,
    clinical_domain="radiology",
)


@workflow(name="radiology_report", user_id="dr_chen", conversation_id="report_session_001")
async def process_radiology_report(patient_id: str, report_text: str) -> str:
    set_patient_context(patient_id=patient_id)
    set_clinical_context(department="Radiology", specialty="Diagnostic Imaging")


    # The report_text may contain PHI (patient name, DOB, MRN)
    # Klira automatically anonymizes these before exporting trace data
    summary = await summarize_report(report_text)
    return summary