Redacting Insurance Claim Documents: What Claims Handlers Need to Know

Insurance claim files are among the most data-dense documents in any industry - one motor claim can contain personal data for a policyholder, claimant, witnesses, a GP, and a solicitor. This guide covers what to redact before each type of third-party disclosure.

By RedactProof Editorial Team · May 1, 2026

A property damage claim arrives from a third-party claimant's attorney. The file includes a police report with six witness statements, a treating physician's report on injuries to someone who isn't your insured, surveillance video metadata, and your adjuster's internal notes. Your reinsurer is requesting a copy of the file. Every document in that bundle contains protected personal information belonging to people other than the recipient - and several documents contain protected health information under HIPAA.

Insurance claim files sit at the intersection of multiple privacy frameworks in the United States. Health information in claims triggers HIPAA where covered entities are involved. State privacy laws - increasingly modeled on CCPA - govern personal information broadly. The NAIC Model Privacy Protection Act provides a baseline framework adopted in various forms across states. For claims handlers, adjusters, and compliance teams at carriers, MGAs, and surplus lines brokers, understanding what to redact before sharing files is a practical daily requirement.

This guide walks through a typical claim file - auto, general liability, and health - and identifies what to redact before sharing with each type of recipient. It covers the regulatory frameworks that apply and ends with answers to the questions we hear most often from US claims teams.

The regulatory framework for US insurance claim data

The NAIC Model Privacy Protection Act (Model 672) establishes baseline notice and opt-out requirements for how insurers handle nonpublic personal financial and health information. Most states have adopted versions of this model law. It requires insurers to provide privacy notices, limits how customer information can be shared with non-affiliated third parties, and creates specific restrictions on sharing health information.

Where claim files contain protected health information (PHI) - which includes individually identifiable health information created, received, or maintained by a HIPAA-covered entity or its business associates - HIPAA's Privacy Rule governs. Health insurers, HMOs, and healthcare clearinghouses are covered entities under HIPAA. Property and casualty carriers are generally not covered entities themselves, but when they receive PHI from healthcare providers in the course of processing a claim, they must handle that information consistent with their agreements with those providers.

HIPAA's minimum necessary standard (45 CFR §164.502(b)) requires that when PHI is used or disclosed, only the information needed to accomplish the purpose should be shared. This directly governs how medical records and physician reports in claim files are shared. The HHS guidance on the minimum necessary standard is the reference point for claims teams handling health-related documentation.

California's CCPA and the California Privacy Rights Act (CPRA) apply to personal information broadly, including insurance claim data held by businesses meeting the CCPA's thresholds. Several other states - Virginia, Colorado, Connecticut, Texas, and others - have enacted comparable comprehensive privacy laws. These laws give individuals rights to access, correct, and delete their personal information, and create disclosure and data minimization obligations that affect how claim files are handled and shared.

Walking through a typical claim file: what to redact

The sections below use an auto liability claim as the primary example, with notes where health claims differ. The claim involves a policyholder, a third-party claimant represented by an attorney, four witnesses, a police report, a treating physician's report, and a surveillance log.

Police report

Police reports in auto and liability claims contain officer badge numbers, witness names and contact details, statements from all parties, vehicle and driver information, and sometimes records of prior incidents or outstanding matters.

  • Witness names, addresses, and phone numbers - redact before sharing with parties who don't need to contact the witness. A reinsurer reviewing exposure doesn't need witness contact information.
  • Officer personal information beyond badge number - redact. Officers' badge numbers may be appropriate to retain for documentation purposes.
  • Third-party personal data unrelated to the current claim - redact entirely.
  • Records of prior incidents or traffic violations not directly relevant to the current claim - review carefully before sharing. State laws vary on how prior incident data can be used.

Physician / medical report

Medical reports in insurance claims are among the most sensitive documents in the file. A treating physician's report on a claimant's injuries will contain diagnosis, treatment history, medication, and background health information the physician considered relevant. Under HIPAA's minimum necessary standard, only the health information needed for the specific claim purpose should be shared beyond the claims handling chain.

  • Background health conditions not relevant to the claimed injury - redact before sharing with reinsurers, TPAs, or any party whose function doesn't require that context
  • Medications and treatment details for unrelated conditions - redact
  • Names of other healthcare providers referenced in the report but not treating the claim-related injury - may need redaction depending on context
  • Social Security number if it appears in the report - redact from all shared copies unless specifically required for a legitimate purpose

Witness statement

  • Witness home address, phone number, and personal email - redact from any version shared beyond the parties who need to contact the witness
  • Employer and occupation details if not relevant to the claim - redact
  • Personal information the witness has included beyond the factual account - review each statement

Claim form (insured and claimant details)

Claim forms concentrate personally identifiable information: full name, address, date of birth, Social Security number, driver's license number, policy number, bank account or payment details, vehicle information, employment and income data, and prior claims history.

  • Social Security number - redact from any shared copy except where specifically required for a legitimate purpose (e.g. tax reporting)
  • Bank account and payment details - redact from all versions except those shared with the payments function
  • Driver's license number - apply state law requirements; many states specifically restrict sharing of DL numbers from public or commercial records
  • Prior claims history - share only what's relevant to the current claim. Prior claim records may contain additional personal data.

Surveillance and investigation reports

  • Third parties captured incidentally in surveillance footage or photographs - obscure faces and vehicle registrations of uninvolved individuals
  • Investigator identity where further investigation or surveillance may be ongoing - redact
  • Location data and activity patterns beyond what's needed for the specific claim purpose - redact

Recipient-by-recipient: what each party needs

The claimant's attorney is entitled to information relevant to the claim. Redact witness contact details (not statement content), investigator identity where ongoing surveillance is possible, and insured data not in dispute.

A reinsurer reviewing exposure needs loss data and claim facts. They don't need witness contact information, medical background unrelated to the claim, Social Security numbers, or bank account details. Apply minimum necessary actively.

A third-party administrator (TPA) or independent adjuster should receive only what falls within their handling instructions. Define scope by function: a TPA assessing medical bills needs the physician reports; they don't need the full police report.

If the insured requests a copy of their own claim file, treat it as a consumer access request under applicable state privacy law or a HIPAA right-of-access request if PHI is involved. Our guide to HIPAA medical record redaction covers the health-information-specific workflow in detail.

Why permanent redaction is required for insurance files

Overlay redaction - placing a black box over text in a PDF - does not remove the data. The text layer remains accessible. Multiple data breaches involving inadequately redacted insurance documents have involved exactly this failure mode: a black overlay applied in a PDF editor, with the underlying PHI or PII still present in the file. HIPAA breach notification requirements apply where exposed PHI affects 500 or more individuals.

Pixel-burn redaction converts the document page to an image and permanently destroys the text layer. The redacted text cannot be extracted, selected, or recovered. For insurance files containing PHI and other sensitive personal information, this is the only adequate method for external sharing.

The technical difference - and the practical consequences of getting it wrong - is covered in our guide to common redaction mistakes.

For compliance teams: beyond the claim file

Insurance compliance teams managing regulatory submissions, FTC correspondence, state insurance department examinations, or internal investigation files face the same redaction principles applied to different document types. Our guide to document redaction for compliance teams covers audit reports, investigation files, and regulatory submissions in detail.

RedactProof processes insurance claim files directly in your browser. Documents are not uploaded to servers. The AI detection engine identifies 40+ types of PII and PHI across every page, and pixel-burn redaction permanently removes them.

Disclaimer: This guide is for informational purposes only and does not constitute legal, medical, or professional advice. Consult a qualified professional for advice specific to your situation.

Frequently Asked Questions

Do we need to redact personal data from claim files shared with our reinsurer?

Generally yes, to the extent required by minimum necessary standards under HIPAA (where PHI is involved) and applicable state insurance privacy laws under NAIC Model 672. A reinsurer needs claim facts and loss data; they typically do not need Social Security numbers, full medical background unrelated to the claim, bank account details, or witness contact information. Your reinsurance treaty may define data sharing scope, but state insurance privacy regulations and HIPAA still apply. Confirm the specific arrangement with your compliance team.

What counts as protected health information (PHI) in an insurance claim file?

Under HIPAA, protected health information (PHI) is individually identifiable health information created, received, or maintained by a covered entity or its business associates that relates to an individual's physical or mental health condition, the provision of healthcare, or payment for healthcare. In an insurance claim file, PHI typically appears in treating physician reports, hospital records, prescription records, and physical therapy notes. It may also appear in the claim form itself if the insured provides medical details. Under 45 CFR §160.103, PHI includes identifiers such as name, address, dates, Social Security number, and phone number when they appear in connection with health information.

Can a claimant or insured request a copy of their claim file under state privacy law?

Under CCPA and similar state privacy laws, California residents (and residents of other states with comprehensive privacy laws) can request access to personal information a business holds about them. This generally includes claim data an insurer holds about that individual. Under HIPAA, individuals have a right to access their own PHI held by covered entities, typically within 30 days. In both cases, the right extends to the requester's own information, not to third-party data in the same file - witnesses, the other driver, treating physicians' personal details. Redact third-party information before responding. Consult your compliance team on the specific requirements under applicable state law.

What is the difference between overlay and pixel-burn redaction, and does it matter for insurance documents?

Overlay redaction applies a black box visually but leaves the underlying text accessible in the PDF's data layer: select and copy the boxed region, and the hidden data appears. Pixel-burn redaction permanently destroys the text layer by converting the affected areas to an image. For insurance files containing PHI, SSNs, and other protected personal information, overlay redaction creates breach exposure: the data appears hidden but is technically recoverable. Multiple HIPAA breach incidents have involved this failure. Pixel-burn is the appropriate method for any claim file shared externally.
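The section on permanent redaction above and this answer rest on the same fact: after an overlay, the text-drawing operators are still in the page's content stream under the black box. The Python check below is added here as an example (it is not RedactProof code and not part of the original page); it builds two constructed minimal PDFs with the standard library only, one overlay-redacted and one pixel-burned, and reports any SSN still present in the text layer, which is the test to run on a file before it leaves the organisation. The SSN value, object layout and the `/Im1` image reference are constructed sample data.

```python
import re
import zlib

def minimal_pdf(content: bytes) -> bytes:
    """Wrap one page content stream in the smallest PDF skeleton (constructed sample, not a real claim file)."""
    return (b"%%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
            b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
            b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] "
            b"/Contents 4 0 R >> endobj\n4 0 obj << /Length %d >>\nstream\n%s\n"
            b"endstream\nendobj\ntrailer << /Root 1 0 R >>\n%%%%EOF\n" % (len(content), content))

# Overlay redaction: the SSN is still drawn as text (Tj); a black box (re f) is painted on top of it.
OVERLAY_PDF = minimal_pdf(
    b"BT /F1 12 Tf 72 700 Td (Claimant SSN: 123-45-6789) Tj ET\n0 g 72 696 190 16 re f")
# Pixel-burn: the page content is only an image XObject (the image object itself is omitted here),
# so there is no text operator left to scan.
PIXEL_BURN_PDF = minimal_pdf(b"q 612 0 0 792 0 0 cm /Im1 Do Q")

STREAM = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)          # every stream body
SHOW_OP = re.compile(rb"(\[(?:\\.|[^\]])*\]\s*TJ|\((?:\\.|[^\\)])*\)\s*Tj)", re.S)  # Tj / TJ operators
LITERAL = re.compile(rb"\((?:\\.|[^\\)])*\)", re.S)                      # (literal string)
SSN = re.compile(rb"\b\d{3}-\d{2}-\d{4}\b")

def content_streams(pdf: bytes):
    """Yield each stream body, inflating FlateDecode streams (most real PDFs compress them)."""
    for m in STREAM.finditer(pdf):
        try:
            yield zlib.decompress(m.group(1))
        except zlib.error:          # simplification: uncompressed stream
            yield m.group(1)

def shown_text(stream: bytes) -> list[bytes]:
    """Text a viewer would draw: one entry per Tj/TJ operator, with TJ kerning fragments joined."""
    return [b"".join(s[1:-1] for s in LITERAL.findall(op)) for op in SHOW_OP.findall(stream)]

def residual_ssns(pdf: bytes) -> list[str]:
    """SSNs still in the text layer: any hit means the redaction was an overlay, not a pixel-burn."""
    hits = []
    for stream in content_streams(pdf):
        for text in shown_text(stream):
            hits += [h.decode() for h in SSN.findall(text)]
    return hits

if __name__ == "__main__":
    print("overlay:", residual_ssns(OVERLAY_PDF))        # ['123-45-6789']
    print("pixel-burn:", residual_ssns(PIXEL_BURN_PDF))  # []
```

The scanner reads page content streams only; a real pre-release check must also cover document metadata, annotations, form fields, embedded attachments and any OCR text layer, and should use a full PDF parser rather than these regexes.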

We instruct outside counsel on litigated claims. How much of the claim file should we share?

Share what is necessary for outside counsel to perform their specific function. Before sending the file, scope the instruction: defending liability, assessing damages, or handling a specific issue? Remove Social Security numbers, payment account details, and personal information of third parties not relevant to the litigation. PHI relevant to the injury in dispute is generally appropriate; unrelated medical history is not. Law firms receiving PHI act as business associates under HIPAA and require a Business Associate Agreement (BAA). Confirm your BAA is in place and covers the specific data being shared. Consult your compliance team on specific cases.
