🔒 Files never leave your device

PDF Tools for Healthcare — Patient Records Never Leave Your Device

The HIPAA Privacy Rule prohibits casual disclosure of Protected Health Information (PHI). Uploading a patient PDF to a free online converter is a disclosure to that converter's operator — and almost none of those operators have signed a Business Associate Agreement with you. A common, real workaround is “just redact the patient name first.” The HIPAA Safe Harbor de-identification standard lists 18 identifiers that must be removed, including ZIP codes and dates. Most casual redactions miss several.

PDFToolBench is built so you don't have to make that compromise. Every tool runs locally in your browser. PHI never leaves the device, so no BAA is needed — because no disclosure occurred.

The healthcare workflow

1. True Redact PDF

Pixel-baked redactions that destroy the underlying text. Useful for de-identifying patient records before research use, sharing with a referring provider, or attaching to a billing dispute.

2. Compress PDF

Shrink a scanned chart or imaging report under the email size cap of the receiving provider — without sending the PHI to a third-party compressor.

3. PDF OCR

Run OCR on scanned discharge summaries or lab reports locally with Tesseract. The text never leaves the browser.

4. Merge PDF + Split PDF

Assemble a complete patient packet, or extract just the relevant pages of a longer chart.

5. Strip Metadata

Remove the EHR system name, author, and timestamps from the document properties before sharing externally.

Why “we delete after 2 hours” isn't enough

Many online tools advertise short retention. From a HIPAA standpoint, the disclosure happened the moment the PHI was transmitted — not when it was deleted. The Privacy Rule cares about disclosure, not duration.

Verify the no-upload claim

Open your browser DevTools, switch to the Network tab, and run any tool here. You'll see requests for the page assets — never for the PHI.

FAQ

Do you sign a Business Associate Agreement?

No, and you don't need one. A BAA is required when a vendor receives PHI on your behalf. Because PDFToolBench never receives the PHI, the relationship that triggers a BAA doesn't exist.

Is this audit-friendly?

The no-upload property is verifiable in DevTools and reproducible by your compliance team. We'd rather you verify than take our word for it.

Can I use this on an EHR-connected workstation?

Yes. There's no install, no admin rights, no software change to your workstation.