If your organization deals with HIPAA topics in its email messages, you need to define the following three policies:
This policy blocks email messages that have a Personal Health Violation, in its entirety, in the subject and returns them to the sender. The sender must reword the subject and resend the message. This policy is required because the subject line cannot be encrypted and is sent regardless of whether the message body is encrypted.
The step-by-step procedure for creating this policy is in Practice—Creating a Routing Policy to Block HIPAA in Subject.
| Policy Type | Routing |
| Label | HIPAA Blocking Policy |
| From | Enable All Patterns |
| To | Enable All Patterns |
| Glossary and Bindings | Subject in the HIPAA Violation (standard) row |
| Send Options | Send, Encrypt & Send, Send Unencrypted, ZixDirect Reply & Forward |
| Message Action | Do Not Send |
| Policy Trigger | Outbound |
| Recipients | Sender |
| Send Format | Send the email back to the sender so that the sender can change the subject line and resend the email. |
| Subject and Message | ZixCorp recommends that you use a custom message or subject to inform the sender why the email is being returned. |
This policy encrypts outgoing email messages when the message contains Personal Health Violations in any combination of the subject, body, or attachments and the sender clicks the Send option.
The step-by-step procedure for creating this policy is in Practice—Creating a HIPAA Encryption Policy.
| Policy Type | Encryption |
| Label | HIPAA Encryption Policy |
| From | Enable All Patterns |
| To | Enable All Patterns |
| Glossary and Bindings | Subject, Body, and Attachments in the HIPAA Violation (standard) row |
| Send Options | Send |
| Delivery Method | VPM-S/MIME, ZixVPM, ZixMail, and/or ZixDirect or ZixPort |
| Request Receipt | Optional |
This policy returns a message to the sender if the sender attempts to click the ZixSelect Send Unencrypted button to send a message that contains Personal Health Information (PHI) in any combination in the subject, body, or attachments. The sender must resend the message using the regular Send or ZixSelect Encrypt & Send buttons.
The step-by-step procedure for creating this policy is in Practice—Creating a Routing Policy to Block HIPAA Plaintext.
| Policy Type | Routing |
| Label | Block HIPAA for Send Unencrypted |
| From | Enable All Patterns |
| To | Enable All Patterns |
| Glossary and Bindings | Subject, Body, and Attachments in the HIPAA Violation (standard) row |
| Send Options | Send Unencrypted |
| Message Action | Do Not Send |
| Policy Trigger | Outbound |
| Recipients | Sender |
| Send Format | Send the email back to the sender so that the sender can resend the message encrypted. |
| Subject and Message | ZixCorp recommends that you use a custom message or subject to inform the sender why the email is being returned. |
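The following is an added example, not ZixCorp code: a small Python model of the three policies above that an administrator can use as a test matrix, showing which policy fires for each combination of send option and message part containing a HIPAA match. It assumes that the two routing (Do Not Send) policies are evaluated before the encryption policy; the page does not state the evaluation order, and the function names are hypothetical.

```python
from itertools import product

SEND_OPTIONS = ["Send", "Encrypt & Send", "Send Unencrypted",
                "ZixDirect Reply & Forward"]
PARTS = ("subject", "body", "attachments")

# One entry per policy table above. "parts" are the message parts bound to
# the HIPAA Violation (standard) glossary row.
# Assumption: list order is evaluation order (routing policies first).
POLICIES = [
    {"label": "HIPAA Blocking Policy", "parts": {"subject"},
     "send_options": set(SEND_OPTIONS), "action": "return to sender"},
    {"label": "Block HIPAA for Send Unencrypted", "parts": set(PARTS),
     "send_options": {"Send Unencrypted"}, "action": "return to sender"},
    {"label": "HIPAA Encryption Policy", "parts": set(PARTS),
     "send_options": {"Send"}, "action": "encrypt"},
]


def evaluate(phi_parts, send_option):
    """Return (label, action) of the first policy that matches, else (None, ...)."""
    for policy in POLICIES:
        if (send_option in policy["send_options"]
                and policy["parts"] & set(phi_parts)):
            return policy["label"], policy["action"]
    return None, "no HIPAA policy matched"


def coverage_matrix():
    """Evaluate every single-part match against every send option."""
    return {(part, opt): evaluate({part}, opt)
            for part, opt in product(PARTS, SEND_OPTIONS)}


def unmatched():
    """Combinations that none of the three policies match, for review."""
    return sorted(key for key, (label, _) in coverage_matrix().items()
                  if label is None)


if __name__ == "__main__":
    for (part, opt), (label, action) in coverage_matrix().items():
        print(f"{part:12} {opt:26} -> {action} ({label})")
    print("unmatched:", unmatched())
```

Each row of the printed matrix can be turned into a test message sent through the deployed policy set to confirm that the observed outcome matches the expected one.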