Prevent PII and PHI from being sent to AI tools.
PII includes your full name, address, phone number, government IDs, and account numbers. PHI is the regulated subset that healthcare teams handle, like patient identifiers and medical records. Both are the most common sensitive-data classes that end up in AI prompts, whether you're an individual using ChatGPT or a clinician summarizing a chart. LogosGuard swaps the real values for placeholders (`[NAME]`, `[PATIENT]`, `[MRN]`) before the prompt is submitted. The AI still drafts a useful summary, reply, or note. The real names, numbers, and identifiers never reach the third-party AI tool; redaction runs in your deployment.
PII and PHI are the most common sensitive-data classes in AI prompts. LogosGuard catches them before submission, across every AI tool employees use.
What counts as PII.
Personally identifiable information is any data that can identify an individual on its own or in combination with other data. In AI prompts, the categories that come up most often are direct identifiers like names, email addresses, phone numbers, mailing addresses, and government identifiers; quasi-identifiers like dates of birth and ZIP codes that become identifying when combined; and internal identifiers like employee IDs and customer record numbers that can re-identify people inside your systems.
What counts as PHI.
Protected health information is a regulated subset that includes structured identifiers (MRNs, claim and visit IDs, dates of birth tied to records, addresses on patient files) and contextual identifiers (named patients combined with clinical content). HIPAA-regulated entities are accountable for PHI handling under 45 CFR 164. Once PHI is submitted to an external AI tool, the company has lost control of the egress event regardless of vendor data-handling settings.
Common examples LogosGuard detects.
- Full names paired with employer, title, or contact information.
- Email addresses (including company emails copied from CRM tools).
- Phone numbers in any common format (US and international).
- Mailing addresses and ZIP codes.
- Social security numbers and similar government identifiers.
- Driver's license numbers, passport numbers, and tax IDs.
- Employee IDs, customer record IDs, and account numbers.
- MRNs and other patient identifiers.
- Dates of birth, claim IDs, visit IDs.
- Diagnosis codes and medication names paired with patient context.
Where the leaks happen.
PII and PHI show up in AI prompts in predictable places. Customer support teams paste full ticket histories. Recruiters paste resumes. HR teams summarize feedback that includes employee names. Sales teams paste account details to draft outreach. Clinicians paste chart notes for one-paragraph summaries. Care managers paste patient messages to draft tactful replies. Billing analysts paste claim explanations to interpret denial codes. Each workflow is reasonable; the leak is the embedded identifier, not the goal of the prompt.
How LogosGuard handles PII and PHI.
1. Detect. LogosGuard scans the prompt and any uploads at the moment of paste, type, or submit. In your LogosGuard backend, format-aware patterns catch structured identifiers (SSNs, MRNs, claim IDs) and a policy-tuned model catches contextual identifiers (named patients combined with clinical content).
2. Apply policy. By default, PII triggers a warn-or-redact action. PHI triggers a redact-and-review or hard-block depending on team scope. The user sees what was flagged and can redact, edit, or proceed with policy approval.
3. Log. The detection event is recorded with the policy decision. The underlying content is not retained in the audit log. See audit employee AI usage.
Recommended policy actions.
For PII, most teams use a warn-and-redact flow rather than a hard block. Customer support and sales workflows often legitimately need the AI tool to know there is a customer involved, just not who. Redaction lets the prompt continue with placeholders (`[CUSTOMER_NAME]`, `[EMAIL]`, `[PHONE]`) so the AI tool can still summarize and draft without seeing the underlying identity. Hard blocks are appropriate for higher-severity PII like government identifiers, where there is no legitimate reason for the data to be in an AI prompt.
For PHI, the recommended action is redact-and-review for routine clinical workflows and hard-block for higher-severity scenarios (research data, behavioral-health records, regulated identifier categories). Different teams can have different rules: a research team operating on de-identified data may have lighter controls than a clinical team handling full PHI.
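The detect, apply-policy, and log steps above, together with the per-class actions recommended here, can be sketched as follows. This is an added example, not LogosGuard's code: the regex formats, the `POLICY` table, and the `screen_prompt` function are assumptions, and it covers only format-aware detection of structured identifiers, not the contextual model.

```python
import re
from collections import Counter

# Assumed formats, constructed for this example: US-style SSN and phone,
# and an MRN written as "MRN" followed by 6-10 digits.
PATTERNS = {
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "MRN": re.compile(r"\bMRN[:#\s]*\d{6,10}\b", re.I),
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "PHONE": re.compile(
        r"(?<!\d)(?:\+1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]\d{4}(?!\d)"),
}

# Hypothetical policy table following the actions the page recommends:
# government identifiers hard-block, PHI goes to review, other PII is redacted.
POLICY = {"SSN": "block", "MRN": "redact_and_review",
          "EMAIL": "warn_and_redact", "PHONE": "warn_and_redact"}
SEVERITY = ["allow", "warn_and_redact", "redact_and_review", "block"]


def screen_prompt(prompt):
    """Return (outbound_prompt_or_None, audit_event) for one prompt."""
    counts = Counter()
    redacted = prompt
    for label, rx in PATTERNS.items():
        # Swap each match for its placeholder and count it by class.
        redacted, n = rx.subn(f"[{label}]", redacted)
        if n:
            counts[label] = n
    # The strictest action among the detected classes decides the outcome.
    decision = max((POLICY[c] for c in counts),
                   key=SEVERITY.index, default="allow")
    # The audit event keeps classes, counts and the decision, never content.
    audit_event = {"decision": decision, "detections": dict(counts)}
    outbound = None if decision == "block" else redacted
    return outbound, audit_event


# Constructed sample prompt; every identifier in it is fake.
SAMPLE = ("Summarize the visit for MRN 00482913. Reach the patient at "
          "jane.doe@example.com or (555) 010-1234.")

if __name__ == "__main__":
    print(screen_prompt(SAMPLE))
```

A blocked prompt returns `None` as the outbound text, so nothing is forwarded, while the audit event still records which class triggered the block.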
Healthcare-specific posture.
For HIPAA-regulated workflows, LogosGuard executes BAAs with covered-entity customers and maintains BAAs with our cloud and AI subprocessors (Microsoft Azure, OpenAI, Modal, Anthropic). Detection runs inside your LogosGuard deployment; audit logs preserve event metadata, not content, so logs do not become a second exposure surface. Visit the healthcare industry page for the industry-specific framing.