8 Replies Latest reply: Jul 8, 2014 7:10 AM by Brad McGarr RSS

    Content Policies

    mnoriega

      Hi I just activated the content for the outbound encryption policy but it is not applying.  THat Policy contains the [encrypt] option on the messages and that works, so the policy is applyin but the HIPAA content is set to enable on the 5 categories and does not wok, if I send a message with the SS# or words as diagnosis, depression, etc does not encrypt the mesage.  What I'm missing?  I'm attching a screen shoot. Sorry I'm new to McAfee and need a lot of help.

        • 1. Re: Content Policies
          big_mike

          Hey there mnoriega,

           

          First, if you are only sending out messages that contain Social Security numbers, you will want to also enable the North American PII filters. This group is a lot more broad when searching for SSN's. Also, as far as I know. The HIPAA compliance group contains regex values that look for keyword and information association. I usually suggest enabling both of those groups to ensure your data's privacy.

           

          NAPII.PNG

          • 2. Re: Content Policies
            chipsf

            mnoriega - we have the exact same question.  We just started using SaaS Email Security and have tried to enable all the HIPAA Compliance contents items on our outbound connector but when sending email an email which should be encyrpted, it is not.  How do we get this enabled to work correctly.

            • 3. Re: Content Policies
              Brad McGarr

              big_mike is on the right track here. The HIPAA compliance policies do contain proprietary regular expressions which are looking for common words, phrases, sentense structures, etc. that are common to diagnosis data, etc. Note that this is common, but by no means going to mean every possible combination can be included. For example, often times I see organizations doing proof of concept testing by using lists of diseases, etc. which will not trigger encryption. Or just using keywords assumed to be in the policy, but since it is not a straight dictionary, this will likely not work either.

               

              My recommendation is if your organization is covered by HIPAA, find a way to create a test that mirrors actual communications being sent with this type of information, with replacements (patient name of John Doe, etc.) where neccisary. If it should trigger the filter, but does not, contact your support team and ask that they have the message reviewed (you'll need a copy of the message from the sent items, as well as the received copy, as .msg or .eml format). We may be able to adjust the policy.

               

              Another option is to create a custom list of keywords you would like to see the system always trigger on, such as "diagnosis", etc., but keep in mind this could cause a number of false positives.

               

              Hope this helps.

              • 4. Re: Content Policies
                chipsf

                Is there a way to find out what the regular expressions that are used in the HIPAA Compliance list.  We have enabled them and tried to test the "Contains Social Security Numbers" item but the encryption is never triggered.  Without knowing what kind of syntax the regular expressions are looking for makes it kind of hard to test.

                • 5. Re: Content Policies
                  Brad McGarr

                  The regular expressions used in our pre-built lists are proprietary and confidential information, and cannot be released publicly, so unfortunately that information is not available. The help button when viewing the content policies on the outbound policy sets will give descriptions of each policy, and what it is looking for.

                   

                  For example:

                   

                  Personal Health Info- Contains Social Security Numbers — Patient admission and discharge related information. Social Security Number with SSA Check and Keyword Check.

                   

                  If all of the criteria isn not met, the filter will not trigger. For this filter, it requires Patient Admission and Discharge Related Information, an SSN that passes the SSA Check Algorithm, and keywords related to the social security number.

                  • 6. Re: Content Policies
                    chipsf

                    Brad,

                    Thanks for the help and information.  I was able to enable a social security only policy in the North American PII group and that did in fact cause the email to be encrypted.

                     

                    Is there a way through the portal to see which policies are being fired when a email is encrypted.  We have had a few people complain about an innocuous they sent out ended up being encrypted.  We would like to find out which policy was fired to cause the encryption but right now we can only give them some basic response which is not very helpful.

                    • 7. Re: Content Policies
                      chipsf

                      Does the Content Policies apply towards attachments or just the body of the message.  And if it does attachments, how many levels deep will the check be peformed on?

                      • 8. Re: Content Policies
                        Brad McGarr

                        There is no cut-and-dry method of identifying which specific policy was triggered, message audit only will give what was actually triggered on. Using that information, however, you can often narrow down which policy or few policies that would have triggered based off the content identified. It's not perfect, but it is what is availible.

                         

                        The content policies do check attachments with machine readable text, so your Office documents and similar, text-based PDFs (not to be confused with Image PDFs which contain text, like scans), etc. As far as "how many levels deep", if it's attached, it will get scanned.