Protect sensitive user data and ensure compliance with privacy regulations like GDPR, CCPA, and HIPAA using PromptGuard’s advanced PII detection and redaction capabilities.
Data Privacy Overview
Data privacy is critical for AI applications that handle personal information. PromptGuard provides comprehensive protection for:Personal Identifiable Information (PII)
- Contact Information: Email addresses, phone numbers, addresses
- Government IDs: Social Security Numbers, passport numbers, driver’s licenses
- Financial Data: Credit card numbers, bank accounts, routing numbers
- Health Information: Medical record numbers, health conditions
- Technical Identifiers: IP addresses, device IDs, session tokens
Sensitive Data Categories
- Biometric Data: Fingerprints, facial recognition data
- Location Data: GPS coordinates, precise locations
- Behavioral Data: Browsing patterns, user preferences
- Communication Data: Email content, chat messages
- Professional Data: Employee IDs, salary information
PII Detection and Redaction
Automatic PII Detection
PromptGuard automatically detects and handles common PII patterns:Custom PII Patterns
Implementation Examples
Healthcare Data Protection (HIPAA)
- Tab Title
- Tab Title
import { OpenAI } from 'openai';
const openai = new OpenAI({
apiKey: process.env.PROMPTGUARD_API_KEY,
baseURL: 'https://api.promptguard.co/api/v1'
});
class HIPAACompliantAI {
constructor() {
this.auditLog = [];
this.patientDataHandlers = new Map();
}
async processHealthcareQuery(patientId, query, userRole) {
try {
// Verify user authorization
if (!this.isAuthorizedForPatientData(userRole, patientId)) {
throw new Error('Unauthorized access to patient data');
}
// Log access attempt
this.logDataAccess(patientId, query, userRole);
// Process with healthcare-specific protection
const response = await this.processWithHIPAAProtection(query, patientId);
// Log successful processing
this.logDataProcessing(patientId, 'success', userRole);
return response;
} catch (error) {
this.logDataProcessing(patientId, 'error', userRole, error.message);
throw error;
}
}
async processWithHIPAAProtection(query, patientId) {
const messages = [
{
role: 'system',
content: `You are a HIPAA-compliant medical AI assistant.
IMPORTANT RULES:
- Never reveal specific patient identifiers
- Do not store or remember patient information between sessions
- Only provide general medical information, not specific diagnoses
- Always recommend consulting with healthcare professionals
- Do not process or discuss protected health information (PHI)
- If asked about specific patient data, redirect to proper channels`
},
{
role: 'user',
content: query
}
];
const completion = await openai.chat.completions.create({
model: "gpt-5-nano",
messages: messages,
temperature: 0.3, // Lower temperature for consistency
user: `healthcare_${patientId}` // Track for audit purposes
});
const response = completion.choices[0].message.content;
// Additional PHI scanning
const scannedResponse = await this.scanForPHI(response);
return {
response: scannedResponse.cleanedResponse,
phi_detected: scannedResponse.phiFound,
audit_id: this.generateAuditId()
};
}
async scanForPHI(response) {
// Enhanced PHI detection patterns
const phiPatterns = [
/\b\d{3}-\d{2}-\d{4}\b/g, // SSN
/\b\d{2}\/\d{2}\/\d{4}\b/g, // Dates (potential DOB)
/MRN[-:]?\s*\d+/gi, // Medical Record Numbers
/\b[A-Z]{2}\d{7}\b/g, // Insurance numbers
/\b\d{4}[-\s]?\d{4}[-\s]?\d{4}[-\s]?\d{4}\b/g // Credit cards
];
let cleanedResponse = response;
let phiFound = false;
phiPatterns.forEach(pattern => {
if (pattern.test(response)) {
phiFound = true;
cleanedResponse = cleanedResponse.replace(pattern, '[REDACTED]');
}
});
return {
cleanedResponse: cleanedResponse,
phiFound: phiFound
};
}
logDataAccess(patientId, query, userRole) {
const logEntry = {
timestamp: new Date().toISOString(),
event_type: 'data_access',
patient_id: this.hashPatientId(patientId),
user_role: userRole,
query_hash: this.hashContent(query),
ip_address: this.getCurrentUserIP(),
session_id: this.getCurrentSessionId()
};
this.auditLog.push(logEntry);
this.sendToComplianceSystem(logEntry);
}
logDataProcessing(patientId, status, userRole, error = null) {
const logEntry = {
timestamp: new Date().toISOString(),
event_type: 'data_processing',
patient_id: this.hashPatientId(patientId),
user_role: userRole,
status: status,
error: error,
compliance_flags: this.getComplianceFlags()
};
this.auditLog.push(logEntry);
this.sendToComplianceSystem(logEntry);
}
isAuthorizedForPatientData(userRole, patientId) {
const authorizedRoles = ['doctor', 'nurse', 'admin', 'patient'];
if (!authorizedRoles.includes(userRole)) {
return false;
}
// Additional role-based checks
if (userRole === 'patient') {
return this.isPatientAccessingOwnData(patientId);
}
return this.hasPatientAccess(userRole, patientId);
}
hashPatientId(patientId) {
// Use cryptographic hash to protect patient ID in logs
const crypto = require('crypto');
return crypto.createHash('sha256').update(patientId).digest('hex').substring(0, 16);
}
generateAuditId() {
return 'audit_' + Date.now() + '_' + Math.random().toString(36).substring(7);
}
}
// API endpoint for healthcare queries
app.post('/api/healthcare/query', async (req, res) => {
const { patientId, query, userRole, sessionToken } = req.body;
// Validate session and permissions
const session = await validateHealthcareSession(sessionToken);
if (!session.isValid) {
return res.status(401).json({ error: 'Invalid session' });
}
const healthcareAI = new HIPAACompliantAI();
try {
const result = await healthcareAI.processHealthcareQuery(
patientId,
query,
userRole
);
res.json({
response: result.response,
audit_id: result.audit_id,
compliance_verified: true,
phi_detected: result.phi_detected
});
} catch (error) {
console.error('Healthcare query error:', error);
res.status(500).json({
error: 'Unable to process healthcare query',
message: 'Please contact your healthcare provider',
compliance_violation: error.message.includes('Unauthorized')
});
}
});
GDPR-Compliant Data Processing
Privacy-by-Design Implementation
Data Anonymization
Privacy Compliance Framework
Privacy Testing and Validation
PII Detection Testing
Next Steps
Enterprise Setup
Configure PromptGuard for enterprise environments
Content Moderation
Implement comprehensive content filtering
Chatbot Protection
Secure conversational AI applications
Security Overview
Complete security configuration guide