How to Redact Social Security Numbers and Tax IDs Safely

Social Security Numbers follow the format XXX-XX-XXXX (9 digits with hyphens), and pattern-based detection reliably catches the standard formatted version. The legal standard depends on context: FRCP Rule 5.2 allows the last four digits to remain in federal court filings, while HIPAA Safe Harbor requires the SSN to be removed entirely. Tax ID numbers (EINs) follow an XX-XXXXXXX format and are detected through similar pattern matching. After redacting, verify permanence by attempting to select or copy the redacted text in the PDF. If digits are selectable, the redaction is a visual overlay, not a true removal.

Common gaps that pattern detection misses

Standard pattern detection will catch a formatted SSN every time. What it may miss:

• Partial SSNs shown as last-4: A number displayed as "***-**-1234" does not match the full 9-digit pattern. Human review is needed to determine whether those last 4 digits constitute an identifier in context.
• SSNs embedded in longer strings: An account number formatted as "ACC-123456789-001" where the middle nine digits happen to be an SSN may not trigger pattern detection.
• Scanned or handwritten forms: OCR errors convert "556-78-9012" to "5S6-78-9012," and the corrupted version will not match a standard regex. A quality redaction tool flags low-confidence OCR regions for manual review.
• Non-hyphenated SSNs: The nine-digit string "556789012" without hyphens requires a separate pattern or NER detection to catch.

Under IRS guidance on Taxpayer Identification Numbers, an SSN is one of several TIN types alongside EINs, ITINs, and ATINs. Each has a distinct format. A complete redaction policy for tax documents should address all TIN types.

HIPAA Safe Harbor and FRCP 5.2 requirements compared

HHS Safe Harbor de-identification lists SSNs as identifier number 7 of 18 and requires complete removal with no partial retention. FRCP 5.2 takes a different approach: court filings may retain the last four digits of an SSN or taxpayer ID. These rules are not interchangeable. A document properly redacted for FRCP 5.2 (showing last 4 digits) is not properly de-identified under HIPAA Safe Harbor.

How to verify that redaction is permanent

Three verification steps:

1. Text selection test: Open the redacted PDF, attempt to click and drag over the redacted area. If text is selected, the redaction is a visual box, not a content removal. True redaction removes the underlying text data.
2. Copy-paste test: Copy the redacted region and paste into a text editor. If digits appear, the content is still present in the file.
3. PDF properties: Open Document Properties in Adobe Acrobat and check whether the file has been flattened or whether layers are present. Layered PDFs can have content toggled invisible without removal.

RedactifyAI applies permanent content removal by default, not visual overlays, and its four-layer detection covers formatted SSNs, EINs, ITINs, and partial patterns across text-based and OCR-processed documents. Confidence scores flag OCR-ambiguous regions so they receive human review rather than being silently passed over.