Zix Policy Definitions

• The purpose of this report is to identify email messages that were sent via policy action through the Zix secure message portal.

• This report specifically identifies sensitive email sent without #phi# or #secure# in the subject line.

• Use the "policyNames" column to determine how the email was sent.

• Email sent to phone-number@fax.phtech.com can be ignored.

• NOTE: Failure to include #phi# or #secure# is identified when the "policyNames" column does not include "#phi# Keyword Policy" or "#secure# Keyword Policy".  "Default Policy" can be ignored.

Default Policy: For all outgoing mail where the end user selects the Send button. This policy ensures that setting up your ZixGateway will not interrupt the regular mail flow. ZixCorp’s Encrypt if You Can is invoked if an email is sent using the Plaintext delivery method and this policy.

HIPAA Encrypt: The HIPAA Encryption Policy is an Encryption policy that encrypts all outgoing email messages when the message contains Personal Health Violations in any combination of the subject, body or attachments.

Medicare Encrypt: Medicare Beneficiary Identifier lexicon which scans for the new Medicare Beneficiary Identifier format.

SSN Encrypt: This policy is triggered when a social security number is identified in the outgoing email message.

#phi# Keyword Policy: This policy is triggered when a PH TECH employee sends an email with #phi# in the subject line.

#secure# Keyword Policy: This policy is triggered when a users adds #secure# to the email subject.

GoogleDLP Keyword Policy: Outbound email from Gmail is first analyzed by Gmail DLP. If sensitive content is found, [GoogleDLP] is appended to the email subject and then passed to Zix for delivery via the PH TECH secure message portal.