As corporations, institutions, and government bodies move to digital documents, they are also faced with an increasing amount of data protection regulations and industry-specific compliances such as the GDPR (General Data Protection Regulation), HIPAA (Health Insurance Portability and Accountability Act), and others. These regulations impose penalties for public disclosure of confidential information (intentional or accidental), data leaks, and non-compliance to information governance best practices.
With the increasing acceptance of public access to government records, universal health records, and online legal proceedings, the redaction of personal information from publicly viewable documents becomes critical.
Redaction refers to covering or removing any sensitive or confidential information (that can personally identify an individual) from publicly viewable records.
For example, lawyers frequently need to search through publicly available documents. But they should not be able to view any confidential information on these. Such information needs to be removed or hidden and should not be disclosed publicly. This could include Personally Identifiable Information (PII) such as names of individuals, birth dates, email addresses, financial account information, or figures and sums.
Similarly, HIPAA mandates healthcare providers to protect the patients' details such as name, contact and insurance information. Under the regulation, they must notify the patients in the event that their data is exposed in order to prevent erosion of the service provider's credibility.
Common problems in document redaction
Problems can arise if you don't understand the intricacies of digital documents and use an improper method to redact a scanned file, such as trying to obscure the visible words.
For example, you may try to cover sensitive information with a colored rectangle or by highlighting text in black when you redact a paper document. But this method doesn't work for digital records.
After you scan a document, information embedded as metadata within the document or the PII contained in TIFF headers must also be redacted. This is critical because if this hidden text is not redacted, it can inadvertently cause data leaks and lead to hefty penalties or even litigation.
If you don't use a professional redaction tool, your team may be unaware that document metadata generated by the application, such as author, subject, keywords, title or description, may contain sensitive information. They may not have the expertise to remove sensitive information from metadata or headers.
Moreover, your in-house teams may be overwhelmed by large volumes of documents that require redaction. When you have thousands of documents to be digitized and allowed public access, sorting through them and manually removing sensitive information becomes an impossible task!
How our document redaction services help
DRS offers a professional redaction service that saves your team time and effort, mitigates the risks of non-compliance, and prevents penalties. We can provide efficient redaction, no matter the project size.
Our redaction methods go beyond encryption because even with the most sophisticated encryption, systems administrators still have access to the information.
Mercury, our Enterprise Content Management solution has advanced redaction capabilities:
- Permanent and temporary redaction based on user roles and privileges
- Dynamic redaction by pattern, fixed x/y coordinates, business rules or workflows
Need to redact social security numbers or credit card numbers to show only the last four digits? We have pattern matching and workflow-based redaction methods that comply with your specifications or industry-based regulations.
Need to make specific information available only to authorized personnel instead of permanently redacting it? Mercury can restrict access to PII to only the users who have the required security clearance to view that information.
When you work with DRS Imaging as your document digitization partner, we plan for redaction during the scanning project. When documents are prepared for scanning, we identify those that require redaction. We use state-of-the-art data capture methods, including advanced OCR and ICR technologies. PII is made searchable in digital files so that it can easily be identified for redaction.
Mercury provides a secure document repository with access control and strict audit trails so that the storage and archival of redacted documents comply with IG best practices.
Tips to streamline document redaction projects
No matter the size of your redaction project, these tips will help you streamline your redaction project.
#1 Keep a reference of the regulatory policy to which you have to comply
A good practice is to keep handy a copy of the statute or regulation which applies to your industry, so you have the exact details of the redaction rules or policies as they apply to you, as these may differ from industry to industry.
#2 Identify and sort the documents and specify which fields need redaction
The specific information to be redacted may differ from industry to industry.
For example, for medical records, you must remove MRNs (medical record numbers), names, and birthdates. When it comes to legal documents, you must redact data such as social security number), driver's license number, name, date of birth, phone number, address, and financial account numbers. Remember also to evaluate any combination of these details that can identify a person and redact those details.
#3 Test the redacted document to ensure it cannot be uncovered
To confirm the redaction was correctly implemented, you can do a simple test on the redacted document. Select several lines of text from the final redacted version and some lines below it. Paste these lines into a word processing tool. Ensure that none of the redacted text is present in this content. Also, check the metadata and TIFF headers to see if they contain PII.
#4 Create a redaction approval and verification process
Once the redaction is done, put in a process to have a different team verify that the redaction has been completed. Have someone approve the redactions before publicly releasing the final document to ensure that there are no accidental data leaks.
#5 Use automated redaction solutions for high-volume redaction projects
For high-volume redaction projects, it’s best to rely on a professional service provider like DRS Imaging. Our intelligent redaction and document classification software use algorithms and advanced data extraction software to "read" and validate captured content through context and applied operational rules—as if it were thinking. It is responsive, accurate and capable of processing massive workloads quickly and accurately.
Benefits of using DRS for document redaction
We ensure that all your online records comply with data privacy laws.
- Our redaction services are efficient and affordable, no matter the size of the project. We minimize cost, time, and effort in indexing and redacting records.
- Our solution facilitates open access to public record requests and improves the end-user experience, so your business or institution provides easily accessible information and services.
Talk to DRS for expertise in digital document redaction while managing all aspects related to data security and regulatory compliance.