Is there anyone who has success creating dlp rules using the canned identifiers for PHI? I'm struggling to get a basic combination of First Name, Last Name, Medical Condition to match my test file. I can match and have policy hit for individual identifiers but what I add them in combination using boolean (ANY or NEAR) I get no hits. Specifically the combo with FirstName (Given Name) and LastName (Surname) I'm unable to match on. Ultimately Im trying to match something like this. (FirstName AND LastName) AND Medical Condition. here is s record from my test file (xlsx)
I have a few Suggestions - and I apologize in advance if you already tried them:
1.) Try the 'Full Names(US)' instead of 'FirstName and LastName'
2.) Be aware of the different language/country selections for the DLP Rules
3.) The 'Near' operator does work well for these type of searches: I'd just use P0 near P1 near P2 without parenthesis. Of course - that is if you are still using FirstName and LastName with Condition.
4.) Since you are testing - use baby steps when creating the rule. Example: start with just FirstName & LastName.
@tyler, Thanks for your suggestions. I've been trying a multitude of combos with this and documenting my results. Here is what I've found. When trying any of the identifiers (FullName, FirstName, or LastName, Medical condition) individually I get hits on all 12 records. When I add combos of these I get these results.
The most accurate one i found is:
LastName Near Medical Condition: Hits all 12 (but sees some firsnames as lastnames.