Health Insurance Member / Subscriber ID (Labelled)
Detects a labelled health-insurance member, subscriber, policy or group identifier: a member/subscriber/policy/group ID label followed by a 6-15 character alphanumeric value that contains at least one digit. Insurance identifiers are protected health information under HIPAA and are frequently exposed in breach disclosures.
- Type
- regex
- Engine
- universal
- Confidence
- medium
- Confidence justification
- Medium confidence: the value charset is generic, but requiring an explicit member/subscriber/policy/group ID label adjacent to a 6-15 character value containing a digit substantially reduces false positives. Not high because the label-plus-alphanumeric structure can appear in non-health contexts.
- Jurisdictions
- global
- Regulations
- HIPAA
- Frameworks
- CIS Controls, ISO 27001, NIST CSF, SOC 2
- Data categories
- phi, health
- Scope
- narrow
- Risk rating
- 8
- Platform compatibility
- Purview: Compatible, GCP DLP: Unsupported, Macie: Unsupported, Zscaler: Compatible, Palo Alto: Unsupported, Netskope: Unsupported
Pattern
(?<![A-Za-z])(?:member|subscriber|policy|group|enrollee|insured)\s+(?:id|identifier|number|no\.?)[\s:#=-]{0,8}(?=[A-Z0-9-]{6,15}(?![A-Z0-9-]))(?:[A-Z-]*\d[A-Z0-9-]*)(?![A-Z0-9-])Corroborative evidence keywords
health insurance, insurance, member id, subscriber id, policy number, group number, health plan, explanation of benefits
Proximity: 300 characters
Should match
Member ID: ABC123456789— Member ID label with alphanumeric value containing digitssubscriber number = XYZ7654321— Subscriber number label, value contains digits, lowercase labelPolicy No. H12-3456-78— Policy number with hyphenated value containing digits
Should not match
Member ID: ABCDEFGH— Value has no digit, likely a word not an identifiergroup photo number twelve was the best— Prose using the words group/number with no identifier valuePolicy No. 12— Value too short (under 6 characters)
Known false positives
- Order numbers, membership IDs for non-health clubs, or group codes that share the member/policy/group labelling. Mitigation: Require corroborative health-insurance keywords (health plan, EOB, payer) within proximity to confirm a health context.