On the Cisco Email Security Appliance (ESA), with the Health Insurance Portability and Accountability Act (HIPAA) policy configured in Data Loss Prevention (DLP), a message that contains only a Social Security Number in the body is not detected as a policy violation.
The predefined DLP HIPAA policy template uses the HIPAA Dictionaries classifier to detect medical-related data. This classifier works with the Patient Identifiers classifier to detect personal information. The HIPAA DLP policy requires a match on the HIPAA Dictionaries classifier AND a match on a personal information identifier, such as a US Social Security Number or US National Provider Identifier, to return a DLP violation.
Examples for the HIPAA Dictionaries classifier:
angina, cancer (Match)
angina (No match because it needs more than one term)
headache, fever (Match)
camphor glycerin (Match)
fracture paralysis (Match)
bite cut (Match)
The US Social Security Number classifier requires a properly formatted number as well as supporting data, such as a date of birth, name, or the string SSN.
Examples for the US Social Security Number classifier:
321-02-3456 (No match because there is no supporting information)
321-02-3456 July 4 (Match)
321-02-3456 7/4/1980 (Match)
321-02-3456 7/4 (No match)
321-02-3456 321-02-7654 (Match because of more than one SSN)
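
The two-part rule described above can be checked against test messages with a small model. This is an added example, not Cisco's implementation: the term list, the regular expressions for "supporting data", and the function names are assumptions built only from the examples on this page, and name detection is left out.

```python
import re

# Constructed term list: only the words used in this page's examples.
# The appliance's real HIPAA dictionary is much larger.
MEDICAL_TERMS = {"angina", "cancer", "headache", "fever", "camphor",
                 "glycerin", "fracture", "paralysis", "bite", "cut"}

SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

# Assumed patterns for "supporting data": the string SSN, a month name plus
# a day, or a full numeric date. Name detection is not modelled.
SUPPORT_RE = re.compile(
    r"\bssn\b"
    r"|\b(?:jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)[a-z]*\s+\d{1,2}\b"
    r"|\b\d{1,2}/\d{1,2}/\d{2,4}\b",
    re.IGNORECASE,
)

def dictionary_match(text):
    """True when more than one distinct medical term is present."""
    words = set(re.findall(r"[a-z]+", text.lower()))
    return len(words & MEDICAL_TERMS) > 1

def ssn_match(text):
    """True for more than one SSN, or one SSN plus supporting data."""
    ssns = SSN_RE.findall(text)
    if len(ssns) > 1:
        return True
    if len(ssns) == 1:
        # Look for supporting data in the text outside the SSN itself.
        return bool(SUPPORT_RE.search(SSN_RE.sub(" ", text)))
    return False

def hipaa_violation(text):
    """Policy fires only when BOTH classifiers match."""
    return dictionary_match(text) and ssn_match(text)

if __name__ == "__main__":
    # Constructed test bodies combining the page's example strings.
    for body in ("321-02-3456 7/4/1980",
                 "angina, cancer 321-02-3456",
                 "angina, cancer 321-02-3456 7/4/1980"):
        print(f"{body!r}: violation={hipaa_violation(body)}")
```

Only the third sample body is reported as a violation: the first has no medical terms, and the second has an SSN without supporting data.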