Healthcare AI builders keep tripping the same wire. You ship a chatbot. Someone pastes a patient note into it. The note hits OpenAI. OpenAI hasn't signed your BAA. You now have a HIPAA breach and a compliance officer with a clipboard.

The fix everyone reaches for is "just write a regex", and then six months later they discover their regex didn't catch the DEA number, or treated 1234567890 as a phone instead of an NPI, or missed the email because someone wrote it as `john [at] example.com`.

I spent today building the version I wish existed.

## The drop-in

```python
from scrubbed_openai import ScrubbedOpenAI

client = ScrubbedOpenAI(api_key="sk-...")
resp = client.chat.completions.create(
    model="gpt-4o-mini",
    messages=[{"role": "user", "content": "Patient John Doe SSN 555-12-3456 has flu"}],
)
# Upstream saw: "Patient John Doe SSN [SSN] has flu"
# client.last_audit holds the per-call scrub trail
```

Same surface as the official openai client.…
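To make the three regex failures above concrete, here is an added example of a small scrubber plus a wrapper in the same shape as the drop-in. It is not the `scrubbed_openai` package or the author's code; the `ScrubbingClient`, `scrub`, `is_npi`, `is_dea` names, the `AUDIT_KEY` and every sample value are constructed for this illustration. It goes beyond a bare regex in the two places the post calls out: a ten-digit run is tagged `NPI` only if it passes the Luhn check with the `80840` prefix that NPI check digits are computed with (otherwise it is a phone number), and a two-letter-plus-seven-digit token is tagged `DEA` only if its seventh digit satisfies the DEA check-digit rule. The audit trail keeps an HMAC of each redacted value rather than the value itself, since an unkeyed hash of a nine-digit SSN is trivially reversible by enumeration.

```python
"""Added example, not the scrubbed_openai package: PHI scrubber with validators.
All identifiers below (SSN, NPI, DEA, phone, email) are constructed sample data."""
import hmac
import re
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed key for the audit trail; in practice load it from a secret store.
AUDIT_KEY = b"example-audit-key-replace-me"


@dataclass
class AuditEntry:
    label: str   # kind of identifier that was redacted
    digest: str  # keyed digest of the value, so the trail itself holds no PHI


def luhn_valid(digits: str) -> bool:
    """Standard Luhn mod-10 check over a string of decimal digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def is_npi(digits: str) -> bool:
    """An NPI is 10 digits whose Luhn check digit is computed over '80840' + NPI."""
    return len(digits) == 10 and digits.isdigit() and luhn_valid("80840" + digits)


def is_dea(token: str) -> bool:
    """DEA number: two letters + seven digits; the seventh digit equals the last
    digit of (d1 + d3 + d5) + 2 * (d2 + d4 + d6)."""
    if not re.fullmatch(r"[A-Za-z]{2}\d{7}", token):
        return False
    d = [int(c) for c in token[2:]]
    return (d[0] + d[2] + d[4] + 2 * (d[1] + d[3] + d[5])) % 10 == d[6]


def classify_ten_digits(value: str) -> str:
    # A bare ten-digit run is an NPI if the check digit holds, else a phone number.
    return "NPI" if is_npi(value) else "PHONE"


def classify_dea(value: str) -> Optional[str]:
    # Returning None leaves the token untouched (not every AB1234567 is a DEA number).
    return "DEA" if is_dea(value) else None


# (default label, pattern, optional classifier). Order matters: SSN first so its
# digit groups are never re-read by the phone pattern.
PATTERNS = [
    ("SSN", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), None),
    ("DEA", re.compile(r"\b[A-Za-z]{2}\d{7}\b"), classify_dea),
    ("TEN", re.compile(r"\b\d{10}\b"), classify_ten_digits),
    ("PHONE", re.compile(r"\(?\b\d{3}\)?[-.\s]\d{3}[-.\s]\d{4}\b"), None),
    # Email with common obfuscations: "@", "[at]", "(at)", and "[dot]" in the domain.
    ("EMAIL", re.compile(
        r"[\w.+-]+\s*(?:@|\[at\]|\(at\))\s*[\w-]+(?:(?:\.|\s*\[dot\]\s*)[\w-]+)+",
        re.IGNORECASE), None),
]


def scrub(text: str) -> tuple[str, list[AuditEntry]]:
    """Replace each PHI identifier with a [LABEL] token; return text and audit trail."""
    audit: list[AuditEntry] = []

    def redact(label: str, value: str) -> str:
        digest = hmac.new(AUDIT_KEY, value.encode(), "sha256").hexdigest()[:16]
        audit.append(AuditEntry(label, digest))
        return f"[{label}]"

    for default_label, pattern, classify in PATTERNS:
        def repl(m, default_label=default_label, classify=classify):
            value = m.group(0)
            label = classify(value) if classify else default_label
            return redact(label, value) if label else value
        text = pattern.sub(repl, text)
    return text, audit


class ScrubbingClient:
    """Hypothetical wrapper: scrubs every message before handing the list to `send`
    (any callable that talks to the upstream model) and keeps the last audit trail."""

    def __init__(self, send: Callable[[list[dict]], str]):
        self._send = send
        self.last_audit: list[AuditEntry] = []

    def chat(self, messages: list[dict]) -> str:
        self.last_audit = []
        clean = []
        for msg in messages:
            content, entries = scrub(msg["content"])
            self.last_audit.extend(entries)
            clean.append({**msg, "content": content})
        return self._send(clean)


# Constructed sample note exercising each failure mode named in the post.
SAMPLE_NOTE = ("Patient John Doe SSN 555-12-3456, NPI 1234567893, callback 1234567890, "
               "prescriber DEA AB1234563, contact john [at] example.com.")
```

Running `scrub(SAMPLE_NOTE)` yields `Patient John Doe SSN [SSN], NPI [NPI], callback [PHONE], prescriber DEA [DEA], contact [EMAIL].` with five audit entries labelled SSN, DEA, NPI, PHONE, EMAIL. The validators are deliberately strict in one direction only: a number that fails the NPI check is still redacted as a phone, so a miscategorised identifier never reaches the upstream model in the clear; the label only affects the audit trail.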