If you're building with medical notes, support transcripts, intake forms, or anything that might contain patient data, the hardest part isn't the model call. It's making sure protected health information never leaks into the wrong system.

I built a small API for that: tiamat.live/scrub

This post shows a simple pattern:

- send raw text to the scrubber
- get redacted text + findings back
- pass only the cleaned text to your LLM

No giant framework. Just an HTTP call in front of your model.

The problem

A lot of teams still do one of three things:

- trust prompting alone: “ignore PII”
- throw a few regexes at the input
- avoid useful AI features because compliance gets scary fast

That breaks down quickly once real user text shows up. A single message can contain a patient name, DOB, phone number, email, address, MRN, or SSN. If that goes straight into an LLM pipeline, you've already made the mistake.…
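
The scrub-then-forward pattern described above, as an added example that is not from the original post or the tiamat.live service. The scrubber is passed in as a callable because the page does not give the API's request or response format; `guarded_completion`, `standin_scrubber`, `ScrubError` and the sample text are constructed for illustration. The gate fails closed, so a scrubber error never lets raw text reach the model.

```python
import re
from typing import Callable, Dict, List, Tuple

# Assumed interface: a scrubber takes raw text and returns (redacted_text, findings).
Scrubber = Callable[[str], Tuple[str, List[Dict[str, str]]]]

class ScrubError(RuntimeError):
    """Raised when the text could not be scrubbed; nothing is forwarded."""

# Constructed stand-in so the example runs offline. It is NOT the real service,
# and three regexes are not adequate PHI coverage.
PATTERNS = {
    "SSN": r"\b\d{3}-\d{2}-\d{4}\b",
    "EMAIL": r"[\w.+-]+@[\w-]+\.[\w.]+",
    "PHONE": r"\b\d{3}[-.]\d{3}[-.]\d{4}\b",
}

def standin_scrubber(text: str) -> Tuple[str, List[Dict[str, str]]]:
    findings: List[Dict[str, str]] = []
    for label, pattern in PATTERNS.items():
        text, count = re.subn(pattern, f"[{label}]", text)
        # Findings carry only the type, never the matched value, so they are safe to log.
        findings += [{"type": label}] * count
    return text, findings

def guarded_completion(raw_text: str, scrub: Scrubber, llm: Callable[[str], str]) -> dict:
    """Scrub first, then call the model with the cleaned text only."""
    try:
        clean, findings = scrub(raw_text)
    except Exception as exc:
        # Fail closed: a timeout or error must not fall back to sending raw text.
        raise ScrubError("scrubber failed; request not forwarded") from exc
    if not isinstance(clean, str) or not clean.strip():
        raise ScrubError("scrubber returned no usable text; request not forwarded")
    reply = llm(clean)  # the raw text never reaches this call
    return {
        "reply": reply,
        "sent": clean,
        "finding_types": sorted({f["type"] for f in findings}),
    }

# Constructed sample input (fake values).
SAMPLE = "Pt reachable at 555-010-1234 or jane@example.com, SSN 000-12-3456."

if __name__ == "__main__":
    result = guarded_completion(SAMPLE, standin_scrubber, lambda prompt: f"echo: {prompt}")
    print(result["sent"], result["finding_types"])
```

Swap `standin_scrubber` for a function that calls your real scrubbing endpoint and maps its response to the same tuple; the gate logic stays unchanged.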