cancel
Showing results for 
Search instead for 
Did you mean: 

Basic DLP Rules for PHI

ajentsch
New Contributor

Is there anyone who has success creating dlp rules using the canned identifiers for PHI? I'm struggling to get a basic combination of First Name, Last Name, Medical Condition to match my test file. I can match and have policy hit for individual identifiers but what I add them in combination using boolean (ANY or NEAR) I get no hits. Specifically the combo with FirstName (Given Name) and LastName (Surname) I'm unable to match on. Ultimately Im trying to match something like this. (FirstName AND LastName) AND Medical Condition. here is s record from my test file (xlsx)

Name                                    Medical ConditionPhone NumberAccount Num
Bob White                                          Schizophrenia21551831524789632
3 REPLIES 3

tyler
Netskope
Netskope

Hi @ajentsch,

I have a few Suggestions - and I apologize in advance if you already tried them:

1.) Try the 'Full Names(US)' instead of 'FirstName and LastName'

2.) Be aware of the different language/country selections for the DLP Rules

3.) The 'Near' operator does work well for these type of searches: I'd just use P0 near P1 near P2 without parenthesis. Of course - that is if you are still using FirstName  and LastName with Condition.

4.) Since you are testing - use baby steps when creating the rule.  Example: start with just FirstName & LastName.

 

ajentsch
New Contributor

@tyler, Thanks for your suggestions. I've been trying a multitude of combos with this and documenting my results. Here is what I've found. When trying any of the identifiers  (FullName, FirstName, or LastName, Medical condition) individually I get hits on all 12 records. When I add combos of these I get these results.

The most accurate one i found is:

LastName Near Medical Condition: Hits all 12 (but sees some  firsnames as lastnames.

FirstName AND LastName - No Hits

FirstName NEAR LastName - No Hits

FullName NEAR Medical Cond. - 3 hits

FullName AND Medical Cond. - 3 hits

FirstName AND LastName - No Hits

FirstName NEAR LastName - No Hits

Here are the actual identifiers that I'm using.

Diagnostic Classifications (ICD-10-CM)

Surnames(US)

Given Names(US)

 

It's not surprising that we hit some FirstNames as LastNames.  There are people out there with Last Names like Blue, Azure, etc.

Are you using the other features, like 'Record Based Scan' or 'Count only unique record'?

Finally, have you tried using the canned DLP Profile for PHI?  

Screen Shot 2021-05-25 at 9.20.06 PM.png