So tuning policies is more of an art than a science as you are fining out. BUt s Daniel H mentions the standard HIPPA/HITECH policy can generate a ton of noise.
THere are a couple of ways that I've dealt with this in the past:
1. Leverage an EDM w/ MRN instead of SSN plus keywords
2. FIngerprint documents (IDM) + keywords to track data
3. Work w/ the diagnostic codes instead the keyword list that is in the HIPPA/HITECH policy.
It takes a combination of the advanced detection technologies to track this stuff correctly