PHI Validation — Protected Health Information Rejection

← Back to Platform Architecture

PHI Validation — Protected Health Information Rejection

Overview

The PHI Validation middleware scans all inbound request bodies for 18 Protected Health Information identifiers and rejects requests with 422 Unprocessable Entity if any are detected. Purpose: Prevent accidental upload of PII/PHI into non-SUD-compliant fields. Rule: Better to reject and let user re-submit than to accept and later discover we've stored identifiable data.

The 18 Identifiers (Safe Harbor, 45 CFR § 164.514)

Name-Related

  • Name — Full name, first name, last name