Help Center
News
Help Center
News
Popular
Architecture and High-level Information
Scans
Agents
How to Use Dashboards
How to Use Data Asset Inventory
How to Install\Uninstall and Set Up Spirion Sensitive Data Platform
How to Use Logs
How to Manage Users and Roles
Reports
Settings and Resources
Additional Resources
Glossary of TermsRabbitMQ LogsHow to Remove All RabbitMQ and Erlang Artifacts from Previous Installations (v13-v13.5)Service Task Type 10Can a Spirion Agent be set to run as "low priority"?Tips: How can I monitor pagefile usage during a scan?Tips: What are the Best Practices to Optimize Memory Usage During Scans?Tips: How does Despeckle interact with other OCR settings like Deskew?Tips: How to find the Outlook Folder GUIDs to use?Tips: How do I handle permission issues with Folder GUID scanning?Tips: What are common errors when Folder GUID permissions are insufficient?Tips: How to automate retrieving Folder GUIDs for multiple usersWhat permissions are needed for service accounts scanning GUIDs?What are the risks of scanning Email (Exchange) Public Folders in large organizations?Can I scan both Cached and Online Exchange Stores simultaneously?Tips: What are best practices for scanning large (Exchange) mailboxes?Tips: What are the Best Ways to Handle Duplicate Results from Scans of (Email) Public Folders?What are common mistakes when configuring Global Ignore Lists?Tips: How does scanning Online Archives affect scan duration?How can I optimize scan policies for Online Archives?What does a report for health information look like?How do I customize data types in the health information report?How do I test my custom RegEx before deployment?How to Install and Set Up the PostgreSQL ClientWhat Common File Types are Supported?Test Data for Local Spirion ClientWhat Version is My Spirion Sensitive Data Platform?What is Residual Data and Why is it Important?
FERPA
CCPA
CMMC
HIPAA
Release Notes
Reporting API
Customer Support Articles

How do I customize data types in the health information report?

Customizing data types for a health information report involves two main activities: creating custom detectors (for unique medical identifiers) and building logical rules (to ensure context).

In Spirion, you don't just "edit" a report; you customize the Data Types and Sensitive Data Definitions (SDDs) that feed into it.

1. Create Custom Detectors (The "What")

If your organization uses unique identifiers (like a specific internal MRN format) that aren't covered by the built-in "Health Information" AnyFind, you must create a custom Data Type:

  • Regex (Pattern-based): Use this if your MRNs follow a specific structure (for example, MED-12345-X). You can build a regular expression to match this exact pattern.
  • Dictionaries (List-based): If you have a list of sensitive drug names, specific research project codes, or a controlled list of patient IDs, upload them as a Dictionary.
  • Keywords: Add specific terms like "Diagnosis," "Prognosis," or "Patient History" to flag documents that contain these medical headers.

2. Build Sensitive Data Definitions (SDDs) (The "Context")

Health information is often only "sensitive" when multiple elements appear together.

Use Sensitive Data Definitions (SDDs) to create these logical rules:

  • Proximity Rules: Create an SDD that only triggers if a Patient Name (AnyFind) is found NEAR an ICD-10 Code (Custom Regex). This drastically reduces false positives from random numbers.
  • Required Combinations: Set a rule that requires both a Social Security Number AND a Medical Record Number to be present in the same file before it is labeled as "High-Risk PHI."
  • Exclusion Logic: You can customize your definition to exclude certain terms (for example, "Ignore if the word 'Sample' or 'Template' is present").

3. Apply to the Report

Once your custom Data Types and Sensitive Data Definitions are created perform the following steps:

  1. Update your Scan Policy: Ensure the new custom types are selected in the "Sensitive Data Types" step of the scan wizard.
  2. Filter the Report: In the Report Builder, use the "Data Type" filter to select only your custom health-related definitions.
  3. Group by Sensitive Data Definition: Instead of seeing thousands of individual "Name" matches, group your report by your "Contextual PHI" Sensitive Data Definition. This shows you only the files that truly matter for HIPAA compliance.

Best Practice:

  • Don't rely on AnyFinds alone. Built-in detectors are great for general data (like SSNs), but health information is highly specific to each hospital or clinic.
  • Always layer a Custom Regex for your specific MRN format on top of the built-in Health AnyFind to ensure 100% coverage of your unique environment.

Summary

Customize by building Regex/Dictionaries for your specific identifiers and using SDDs to link them together with proximity logic. This ensures your health report is accurate, contextual, and audit-ready.

Was this article helpful?

Powered by Product Fruits