Help us enhance your Sophos Community experience. Share your thoughts in our Sophos Community survey.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 0 subscribers
  • Views 20375 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

US healthcare Medical Record Number (MRN) detection

Johnstringer

Hi,

As you all know the patient MRN (Medical Record Number) is an identifier covered by HIPAA. The challenge with MRN's is that there is no standard format within the US health care system. This means that Sophos cannot provide a SophosLabs CCL to detect MRNs (we do look for terms associated with MRN in our PHI terms CCL). However, we do want to provide our customers with assistance in creating their own MRN custom CCL. To this end we've put together a knowledge base article which provides instructions and also some sample CCL code to get you started: http://www.sophos.com/support/knowledgebase/article/112192.html

One the labs team will soon be posting a follow up discussion here on how we can extend the custom MRN CCL to also identify date of birth in close proximity to your organizations MRN.

Let us know your experiences in creating and using the MRN custom CCL.

-John (DLP product manager)

:10911


This thread was automatically locked due to age.
  • 0

    How to create a custom Content Control List for US Medical Record Number near a date

    Summary

    Across the US there is not a widely adopted standard for Medical Record Numbers (MRN) and there is no checksum to avoid false positives. For this reason it may be desirable to combine a check for an MRN with a date (of birth, admission or discharge).

    This KBA is designed to guide you through the process of tightening an existing custom Content Control List (CCL) for MRNs. There is a prerequisite for this KBA of being comfortable with regular expressions and the previous  

    How to modify the regex of your MRN to be near a date

    From the previous KBA you will now have a regex \bmyMRN\b where myMRN is \d{6} or [a-zA-Z]{3}-\d{3}-[a-zA-Z]{3} etc.

    Within the regex we will want to do something like:

    \bmyMRN\b.{0,20}\bmyDATE\b

    which will match your custom MRN (myMRN) near (up to 20 characters) your custom date (myDATE). So first we should define what your date.

    Dates

    You have several options when matching dates depending on what you organisation uses:

    -        The phrases: - date of birth, date of admission, date of discharge, DOB etc.

    -        An alphanumeric date format: - 2011-03-24; 03/24/2011; March 17, 2001 etc.

    -        or both

    Writing a regular expression for the first case in relatively easy

    (?i)\b(?:date of (birth|admission|discharge))|(?:do[bad])\b

    So in this case myDATE would be:

    (?:date of (birth|admission|discharge))|(?:do[bad])

    [We would have to remember the case insensitive modifier.]

    Writing a regular expression for the second case is more difficult but can be made easier by narrowing down the date format e.g. for just the numeric date format.

    \b((?:19\d{2}|20\d{2}|[012]\d|3[01])[\.\/-](?:[012]\d|3[0-1])[\.\/-](?:[012]\d|3[01]|19\d{2}|20\d{2})\b

    In this case myDATE would be:

    (?:19\d{2}|20\d{2}|[012]\d|3[01])[\.\/-](?:[012]\d|3[0-1])[\.\/-](?:[012]\d|3[01]|19\d{2}|20\d{2})

    [Note this expression isn't year 2100 complaint. Valid years run from 1900 to 2099.]

    Including months as words would make the regular expression more complex and at a certain point you may sacrifice elegance for having multiple simpler regular expressions.

    Combining myMRN and myDATE

    We have already shown how we can potentially combine myMRN and myDATE:

    \bmyMRN\b.{0,20}\bmyDATE\b

    However, that may not work as expected depending on the complexity of the regex within the values myMRN and myDATE. A better solution would be:

    \b(?:myMRN)\b.{0,20}\b(?:myDATE)\b

    But this only detects MRN followed by date not date followed by MRN.

    \b(?:myDATE)\b.{0,20}\b(?:myMRN)\b

    Now we have two regular expressions for MRN near a date. If we were feeling adventurous we could combine them.

    \b(?:(?:(?:myMRN)\b.{0,20}\b(?:myDATE))|(?:(?:myDATE)\b.{0,20}\b(?:myMRN)))\b

    Addendum - Regular Expression primer (see KBA for more)

    • (?i) case-insensitive modifier
    • (?=...) positive look-ahead assertion
    :12843
Unfiltered HTML