Insurance

PII Redaction for Insurance

Self-hosted redaction for property & casualty, life, health, and specialty insurers. Claims notes, underwriting files, broker submissions, and call-center transcripts — redacted at ingestion so analytics, AI features, and third-party data sharing happen on a clean corpus.

Or deploy Philter yourself →

The insurance PII problem

Insurance touches some of the most layered personal data in commercial industry: financial (account numbers, payment routing), identity (SSNs, driver’s license, dates of birth), and frequently health (medical history on life applications, claim notes on accident lines). The regulatory stack reflects that: GLBA at the federal level, the NAIC Insurance Data Security Model Law as adopted by most states, HIPAA when health data is in scope, and state-specific privacy rules layered on top.

The data shape is also unusual. Claims notes are free-text and PII-dense. Underwriting files include medical questionnaires, attorney correspondence, and witness statements. Broker submissions arrive as unstructured documents from third parties. Each surface needs a different redaction policy; all of them need the same deployment shape — inside the carrier’s perimeter, no third-party API.

How Philterd handles insurance

Claims-note redaction

Claims adjusters write free-text notes that mix policyholder PII, claimant PII, witness names, medical detail, and quoted-back conversations. Philter handles the unstructured surface; downstream analytics and fraud-detection systems consume the redacted output.

Underwriting file scrubbing

Application questionnaires, MIB reports, medical records, attorney letters, broker submissions. De-identify before the file lands in the analytics warehouse, the AI underwriting model, or the reinsurer data feed.

GLBA NPPI handling

Nonpublic Personal Information under 15 USC 6801-6809 covers customer financial details — SSNs, account numbers, payment data. The GLBA policy from the open source library is the starting point; tune for your specific account-numbering scheme.

HIPAA when health data is in play

Life insurance applications and health-line claims pull medical history under HIPAA Safe Harbor coverage. The Safe Harbor policy handles the 18 identifiers; combine it with the GLBA policy for layered coverage.

Broker-submission ingestion

Documents arrive from external brokers in inconsistent formats. Redact at ingest before the file enters the carrier’s document-management system — keeps PII out of systems that don’t need it and shrinks GLBA scope.

Stays in your perimeter

Carriers can’t send customer data to a third-party redaction API without triggering vendor-management review and the GLBA service-provider chain. Philter runs in your existing AWS, Azure, or GCP environment — no new BAA, no new sub-processor.

Ready-to-use policies

Apache 2.0 policies from the open source policy library — download and load into your Philter instance.

Finance v1.0.0

GLBA Nonpublic Personal Information (NPPI) Redaction

Redact Nonpublic Personal Information (NPPI) from financial customer records under the Gramm-Leach-Bliley Act (15 USC 6801-6809).

GLBANPPIfinancial privacySafeguards Rule

Healthcare v1.0.0

HIPAA Safe Harbor De-Identification

Remove all 18 HIPAA Safe Harbor identifiers from clinical text per 45 CFR 164.514(b)(2).

HIPAASafe HarborPHI45 CFR 164.514

Browse all redaction policies →

Recent writing on insurance

Redaction for Insurance: Claims, Customer Data, and the State-by-State Patchwork

Insurance carriers sit at the intersection of GLBA, HIPAA, state insurance rules, and the NAIC Model Law. A practitioner's guide to redacting NPPI and PHI in claims data, adjuster notes, and customer correspondence.

Redaction for Financial Services: PCI DSS, GLBA, and the Real-World Data Pipeline

A practitioner's guide to redacting NPPI and cardholder data in financial workflows — mapping PCI DSS, GLBA, and state requirements to the Philterd toolkit. With architecture patterns for call centers, KYC, and log streams.

Automatically Redacting PII and PHI from Files in Amazon S3 using Amazon Macie and Philter

Amazon Macie is “a data security service that discovers sensitive data using machine learning and pattern matching.” With Amazon Macie you can find potentially sensitive information in files in your Amazon S3 buckets, but what do you do when Amazon Macie finds a file that contains an SSN, phone number, or other piece of sensitive information?…

All blog posts →

Where insurance teams start

Inventory the PII surfaces. Claims notes, underwriting files, broker submissions, call-center transcripts, agent-portal messages. Each one has a different document shape and a different downstream consumer.
Deploy Philter into your VPC. AWS, Azure, or GCP — same perimeter as your policy administration and claims systems. No new vendor in the data path.
Start from the GLBA + Safe Harbor policies in the open source library. For health-line carriers, layer both; for P&C, GLBA is usually sufficient.
Tune for your account-number patterns. Policy numbers, claim numbers, agent IDs — carrier-specific identifiers that off-the-shelf PII tools miss. Custom regex rules in the policy file handle the gap.
Wire into the data pipelines that feed analytics + AI. Fraud detection, customer-segmentation, AI-assisted underwriting, AI claims-summarization — one redaction step upstream covers all of them.

Common deployments

1. Claims-data warehouse de-identification. Claims notes feed into the analytics warehouse for fraud detection, severity prediction, and loss-cost modeling. Redacting at the warehouse-ingest step takes the warehouse and every downstream BI tool out of NPPI scope — the same scope-reduction story as PCI in payments, applied to GLBA in insurance.

2. AI-assisted underwriting and claims summarization. Carriers building AI features (risk scoring, claim triage, broker-submission triage) want to use the rich free-text content in the files, but can’t expose PII to hosted LLMs. Philter AI Proxy sits between the carrier’s application and the LLM provider; PII is redacted before each prompt. The model gets the clinical context; the provider never sees the identifiers.

3. Reinsurance and third-party data sharing. Reinsurance bordereaux, fraud-consortium contributions, regulator submissions, and academic-research data sharing all need de-identified claims data. Per-record consistent pseudonymization keeps cross-record analytics intact while removing direct identifiers.

What teams need to be careful about

The GLBA service-provider chain. Any vendor that touches customer NPPI becomes a GLBA service provider, which means a written contract, the Safeguards Rule, oversight obligations, and a place in your annual security review. Self-hosting Philter avoids adding to that chain entirely; using a SaaS redaction API extends it.
State variation. California (CCPA / CPRA), New York (DFS 23 NYCRR 500), Massachusetts (201 CMR 17.00), and a growing list of others layer state-specific obligations on top of GLBA. The redaction layer is usually defensible at the federal level; state-specific data-subject rights (deletion, access) live elsewhere in your stack.
HIPAA crossover for life and health lines. A life-insurance application with attached medical records is a HIPAA-regulated record. A P&C claim mentioning the claimant’s injury is not. The line gets drawn carefully; the redaction policy needs to handle both surfaces without forcing the operational team to know which regime applies to which document.

Build PII redaction into your insurance pipeline

Insurance carriers have a compliance stack that’s deeper than most realize until they sit with the auditor. Talk to engineers who’ve threaded GLBA, NAIC, HIPAA, and state privacy rules through a single self-hosted redaction layer.

Or deploy Philter yourself →