NHS Number
Detects NHS Number patterns. This pattern is based on a Microsoft Purview built-in sensitive information type. Users already running Purview may prefer to enable the built-in SIT directly, or use this version as a starting point for customisation.
- Type
- regex
- Engine
- boost_regex
- Confidence
- medium
- Confidence justification
- Medium confidence: pattern has structural constraints but corroborative keywords are recommended to reduce false positive rates.
- Detection quality
- Mixed
- Jurisdictions
- uk
- Frameworks
- ISO 27001, ISO 27701
- Data categories
- pii, government-id
- Scope
- narrow
- Risk rating
- 8
- Platform compatibility
- Purview: Compatible, GCP DLP: Compatible, Macie: Compatible, Zscaler: Compatible, Palo Alto: Compatible, Netskope: Compatible
Pattern
\b\d{3}\s?\d{3}\s?\d{4}\bCorroborative evidence keywords
identifier, number, ID, MRN, medical record number, patient ID, NPI, DEA, medicare, medicaid, insurance ID, member ID, beneficiary
Proximity: 300 characters
Should match
123 456 7890— Spaced NHS number1234567890— Continuous NHS number943 476 5919— Real-format NHS number
Should not match
123 456 789— Only 9 digits instead of 10123 456 78901— 11 digits instead of 10123 456 789A— Contains a letter instead of all digits
Known false positives
- Common words and phrases related to nhs number appearing in policy documents, training materials, HR templates, or compliance guidelines without actual personal data. Mitigation: Require corroborative evidence keywords within the proximity window to confirm sensitive data context rather than general discussion.
- In British English, similar terminology used in formal or administrative contexts (education, professional documentation) that does not constitute sensitive data collection. Mitigation: Layer with additional contextual signals such as structured identifiers, form fields, or database column headers to distinguish sensitive records from general references.