Ensuring Outbound Email Compliance
Large enterprises, universities and government organizations are now subject to a growing number of privacy-related regulations that govern the handling of certain types of non-public information (NPI). These regulations extend to the content of email messages leaving the organization.
Ensure Compliance with HIPAA, GLBA and other Regulations
The Proofpoint Regulatory Compliance module makes it easy to ensure that outbound messages comply with many different types of email-related regulations, including HIPAA and GLBA. Pre-defined dictionaries and "smart identifiers" automatically scan for a wide variety of non-public information including PHI (protected health information as defined by HIPAA) and PFI (personal financial information as defined by GLBA) and let you take appropriate actions on non-compliant communications.
Rules can be easily created or modified via a point and click interface to support compliance with many other types of information privacy and data security regulations, such as state regulations (e.g., California AB1950 and California SB 1386), Canada's PIPEDA, and various European privacy directives.
Detect All Types of Privacy Data Inside Email
Proofpoint Regulatory Compliance includes a wide variety of out-of-the-box features that help keep your organization compliant with today's information privacy rules. Proofpoint Regulatory Compliance monitors all outgoing email to detect NPI based on dictionaries as well as common NPI identifiers.
Pre-defined and Custom Dictionaries
A variety of pre-defined dictionaries are included with Proofpoint Regulatory Compliance. These dictionaries define common protected health information code sets - such as standard disease, drug, treatment and diagnosis codes used by the healthcare industry - to simplify HIPAA compliance.
New dictionaries can also be defined. These dictionaries support both exact matches and regular expressions. The included HIPAA dictionaries can be expanded to include terms and codes specific to your medical environment, or new dictionaries can be added to support additional regulations such as NASD, PIPEDA and others. Dictionary terms can be weighted to increase or decrease the matching strength of any term, or to allow exceptions.
NPI Identifiers
Proofpoint Regulatory Compliance can also scan for common NPI identifiers such as Social Security Numbers, ABA routing numbers and credit card numbers.
These "smart identifiers" are more sophisticated than simple regular expressions. Proofpoint Regulatory Compliance not only looks for the correct number of digits but also computes checksums to confirm that numerical strings that appear to be NPI are actually protected information. This technique greatly reduces the chance of false positives.
Flexible Privacy Rules and Policy Definitions
A point and click interface makes defining and modifying even complex privacy rules quick and easy. Rules can be configured to apply to individual occurrences of NPI or when a certain count of dictionary or NPI identifiers is reached. For example, a rule for tracking fraud or theft of credit card numbers can be set to trigger only if more than three credit card numbers are detected in a message.
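The checksum validation described under "NPI Identifiers" and the count-based rule above can be sketched as follows. This is an added example, not Proofpoint's code: it assumes the publicly documented Luhn check for card numbers and the 3-7-1 weighted checksum for ABA routing numbers, and every function name and the sample message are constructed for illustration.

```python
import re

# Digit-count-only candidates, as a plain regular expression would match them.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")  # 13-19 digits, optional separators
ABA_RE = re.compile(r"\b\d{9}\b")                  # 9 contiguous digits

def luhn_ok(digits):
    """Luhn mod-10 check carried by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0 and set(digits) != {"0"}

def aba_ok(digits):
    """ABA routing checksum: weights 3,7,1 repeated; sum must be 0 mod 10."""
    total = sum(int(c) * w for c, w in zip(digits, (3, 7, 1) * 3))
    return total % 10 == 0 and set(digits) != {"0"}

def scan(text):
    """Return the regex candidates and the subset that passes its checksum."""
    card_hits = [re.sub(r"\D", "", m.group()) for m in CARD_RE.finditer(text)]
    aba_hits = [m.group() for m in ABA_RE.finditer(text)]
    return {
        "card_candidates": card_hits,
        "cards": [c for c in card_hits if luhn_ok(c)],
        "aba_candidates": aba_hits,
        "aba": [a for a in aba_hits if aba_ok(a)],
    }

def rule_triggers(text, threshold=3):
    """Count rule: fire only above `threshold` distinct checksum-valid cards."""
    return len(set(scan(text)["cards"])) > threshold

# Constructed sample message: four Luhn-valid test card numbers, one 16-digit
# tracking id that fails Luhn, one valid and one invalid 9-digit routing string.
SAMPLE = (
    "Order refs: 4111 1111 1111 1111, 5555-5555-5555-4444,\n"
    "378282246310005 and 6011111111111117.\n"
    "Tracking id 4111111111111112, routing 123456780 (old: 123456789).\n"
)

if __name__ == "__main__":
    hits = scan(SAMPLE)
    print(len(hits["card_candidates"]), "card candidates,", len(hits["cards"]), "valid")
    print("rule fires:", rule_triggers(SAMPLE))
```

The tracking id and the second routing string match on digit count alone and are dropped only by the checksum step, which is the false-positive reduction the text describes.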
Any number of privacy rules can be defined to support specific compliance requirements. Multiple rules can be mapped into policies, for example a HIPAA policy, GLBA policy and AB 1950 policy. Policies can be further customized to apply only to lists of business partners or only to specified inbound or outbound message routes.
Encryption Support
Many regulations specify that non-public data must be transmitted in a secure or encrypted format. Proofpoint Regulatory Compliance supports two types of encryption:
- TLS (Transport Layer Security): When used with the Proofpoint Messaging Security Gateway appliance, the Regulatory Compliance module can be used to define a set of business partners with whom email should always be encrypted. Messages sent to those partners are automatically transmitted using the TLS gateway-to-gateway encryption protocol.
- Third Party Secure Messaging Solutions: Proofpoint supports integration with a wide variety of secure messaging solutions. When used with either the Proofpoint Protection Server or Proofpoint Messaging Security Gateway, the Regulatory Compliance module can reroute messages that contain protected information to your organization's preferred encryption server.
Reporting
Proofpoint Regulatory Compliance helps your organization monitor or track compliance progress with graphical reports that show the number of regulatory breaches over a given timeframe as well as the top offenders of these policies. Reports can be emailed on a scheduled basis or published to an intranet site.
As a first step to understanding their regulatory risk exposure in email, organizations can deploy Proofpoint Regulatory Compliance in an audit mode, which monitors all regulatory breaches without altering messages in any way. Reports can then be used to quantify your organization's level of risk.
Compliance Building Blocks

The module includes a large assortment of dictionaries preloaded with code sets for PHI detection, required for compliance with HIPAA and other healthcare regulations. Dictionaries include HIPAA standard code sets such as:
- ICD-9-CM diagnosis and procedure codes
- HCPCS common procedure codes
- NDC drug codes
- Numerous other code sets

The module also comes with "smart identifiers" for PFI detection, including the ability to intelligently detect:
- Social Security Numbers
- ABA routing numbers
- Credit card numbers