DEA
Detects DEA patterns. This pattern is based on a Microsoft Purview built-in sensitive information type. Users already running Purview may prefer to enable the built-in SIT directly, or use this version as a starting point for customisation.
- Type
- regex
- Engine
- boost_regex
- Confidence
- high
- Confidence justification
- High confidence: validated with Checksum: (d1+d3+d5) + 2*(d2+d4+d6) and supported by corroborative keyword evidence.
- Detection quality
- Verified
- Jurisdictions
- us
- Regulations
- CCPA/CPRA, FTC Act s5, HIPAA, State Breach Laws (US)
- Frameworks
- ISO 27001, ISO 27701, SOC 2
- Data categories
- phi, healthcare
- Scope
- narrow
- Risk rating
- 8
- Platform compatibility
- Purview: Compatible, GCP DLP: Compatible, Macie: Compatible, Zscaler: Compatible, Palo Alto: Compatible, Netskope: Compatible
Pattern
\b[ABFGMPRX][A-Z9]\d{7}\bCorroborative evidence keywords
MRN, medical record number, patient ID, NPI, DEA, medicare, medicaid, insurance ID, member ID, beneficiary, ICD-10, ICD-9, CPT, NDC, SNOMED, HCPCS, diagnosis code, procedure code, drug code, medication (+8 more)
Proximity: 300 characters
Should match
AB1234567— Standard DEA numberFA9876543— DEA with F prefixMR1234567— Mid-level practitioner DEA
Should not match
CB1234567— Invalid first character (C not in valid set A/B/F/G/M/P/R/X)AB123456— Only 6 digits instead of 7AB12345678— 8 digits instead of 7
Known false positives
- Medical terminology in health education materials, research publications, clinical guidelines, or public health documents without patient-specific data. Mitigation: Require corroborative evidence keywords confirming patient context. Look for co-occurrence with patient identifiers such as medical record numbers or dates of birth.
- General wellness and fitness content using medical vocabulary without constituting protected health information. Mitigation: Layer with patient identifier patterns or healthcare-specific document structure detection to distinguish clinical records from general health content.