Again, I'd prefer to go with a Custom Data Identifier...but if you had to go with the regex, you could easily do something like this (happened to find some notes from a customer that I did this for previously):
Regex: confidential (?!document)
Will match the word "confidential" in the following sentence: "The message that I am writing is confidential and for your eyes only."
Will not match the word "confidential" in the following sentence: "This is a confidential document."
You'll need to test that out, of course, and probably want something a little more robust, but that might get you started.
Regards,
~Keith