The HIPAA Privacy Rule prohibits casual disclosure of Protected Health Information (PHI). Uploading a patient PDF to a free online converter is a disclosure to that converter's operator — and almost none of those operators have signed a Business Associate Agreement with you. A common, real workaround is “just redact the patient name first.” The HIPAA Safe Harbor de-identification standard lists 18 identifiers that must be removed, including ZIP codes and dates. Most casual redactions miss several.
PDFToolBench is built so you don't have to make that compromise. Every tool runs locally in your browser. PHI never leaves the device, so no BAA is needed — because no disclosure occurred.
The healthcare workflow
1. True Redact PDF
Pixel-baked redactions that destroy the underlying text. Useful for de-identifying patient records before research use, sharing with a referring provider, or attaching to a billing dispute.
2. Compress PDF
Shrink a scanned chart or imaging report under the email size cap of the receiving provider — without sending the PHI to a third-party compressor.
3. PDF OCR
Run OCR on scanned discharge summaries or lab reports locally with Tesseract. The text never leaves the browser.
4. Merge PDF + Split PDF
Assemble a complete patient packet, or extract just the relevant pages of a longer chart.
5. Strip Metadata
Remove the EHR system name, author, and timestamps from the document properties before sharing externally.
Why “we delete after 2 hours” isn't enough
Many online tools advertise short retention. From a HIPAA standpoint, the disclosure happened the moment the PHI was transmitted — not when it was deleted. The Privacy Rule cares about disclosure, not duration.
Verify the no-upload claim
Open your browser DevTools, switch to the Network tab, and run any tool here. You'll see requests for the page assets — never for the PHI.