We are seeing false positives for the rule "Protected health information (PHI) related terms [USA] ", specifically because it it looking for terms related to or near PHI and not necessarily the PHI itself. I have tried combining several PII CCLs with this one, but have not seen anything consistent.
We have attempted to work with support and professional services previously, and the answer is that we need to test and apply changes to our environment for number of instances or matching multiple CCLs. They will not give guidance beyond using the DLP rules that are enabled out of the box.
I wanted to see if there is anyone that has been successful in finding a combination that will identify and encrypt PHI with fewer false positives?
Added tags
[edited by: Raphael Alganes at 9:21 AM (GMT -7) on 2 Jun 2023]