HarborConvert
Use Cases11 days ago

Converting Medical Records and Patient Data: A Guide for Healthcare

Healthcare organizations convert patient data files constantly. Here's how to do it in a way that protects patient privacy and meets regulatory requirements.

By HarborConvert Team

Healthcare's File Format Problem

Healthcare is one of the most document-intensive industries. Patient records, lab results, insurance forms, referral letters, and clinical notes flow between providers, payers, and patients in a variety of formats. Converting between those formats is a daily reality.

The challenge: almost all of these documents contain Protected Health Information (PHI), which is subject to HIPAA in the US and equivalent regulations globally.

What Counts as PHI

PHI includes any health information combined with an identifier. The 18 HIPAA identifiers include:

  • Names
  • Dates (other than year) relating to care
  • Geographic subdivisions smaller than state
  • Phone and fax numbers
  • Email addresses
  • Social Security Numbers
  • Medical record numbers
  • Health plan beneficiary numbers
  • Account numbers
  • Certificate/license numbers
  • Device identifiers
  • Web URLs
  • IP addresses
  • Biometric identifiers
  • Full-face photographs

A lab report with a patient's name and test result is PHI. A referral letter with a diagnosis code and date of service is PHI. Almost every clinical document qualifies.

HIPAA-Compliant Conversion Approaches

Browser-based converters process files in your browser — no PHI ever leaves the device. This approach requires no Business Associate Agreement because there is no data processor relationship. Use HarborConvert for:

  • PDF to CSV: Extracting structured data from lab reports or encounter summaries
  • PDF to Excel: Analyzing tabular clinical data
  • PDF Merge: Combining multiple patient documents into a single file

De-identification before conversion

If you need to use a cloud service, de-identify the data first under the HIPAA Safe Harbor or Expert Determination methods. Only then is it safe to upload. Note: de-identification must be thorough — removing all 18 identifiers.

Enterprise HIPAA-compliant services

For workflows requiring cloud storage or collaboration, use services that provide a signed BAA and demonstrate HIPAA compliance: Microsoft Azure, AWS, Google Cloud (with appropriate configurations), and specific HIPAA-compliant document management platforms.

Practical Examples

Converting discharge summaries PDF to Word: Use local conversion. Review the output carefully — clinical note formatting often includes tables and structured sections that may need cleanup.

Processing insurance claim CSVs: Use local CSV-to-Excel conversion. Never upload claim data to free online tools.

Merging patient records for a referral packet: Use local PDF merge. Verify that all pages belong to the correct patient before merging.

Back to blog