
New US healthcare Content Control Lists

Hi,

Welcome to the US healthcare discussion thread.

Some of our US healthcare customers may have noticed a flurry of new HIPAA tagged CCLs appearing over the past couple of months. Full details of all the new CCLs can be found in the "Latest Content Control lists thread".

Our intention with the new CCLs is - perhaps not surprisingly - to make it easier to detect PHI. Prior to the updates we'd focused on PII identifiers that were relevant to HIPAA but also many other pieces of legislation, e.g. SSN and CCN. The new CCLs are much more tailored for health care and we need your feedback to make them even better.

Much of the "power" of the new CCLs comes from using them in combination to identify infringements. For example, the "Protected health information (PHI) related terms" CCL is designed to be combined ("AND") with an additional CCL that looks for an identifier (such as MRN, SSN or CCN) or a medical lexicon (such as "Ailment, disease and diagnosis lexicon" or "Prescription drugs").

Anyway, let us know what you think and if possible provide us with example communications or documents that you would expect the HIPAA CCLs to identify (obviously you should replace any real PHI with fake data - often the structure and labels used in an email or document are enough for us to improve detection rates and reduce false positives).

Queries and samples can be submitted by raising a ticket with Sophos support or you can post examples / questions on this forum and the Sophos DLP team will respond.

-John (product manager)



This thread was automatically locked due to age.