Mimecast Announces US Healthcare Pack to Manage PHI in Email

Blog Post created by user.lD9iBR438k Employee on Sep 22, 2017

David Hood is the Director of Technical Marketing focused on Office 365, continuity, and the Mimecast API. A Mimecaster since 2015, he’s a frequent speaker and commentator on cloud collaboration.


Mimecast is pleased to announce new data loss prevention (DLP) capabilities to help US healthcare organizations meet HIPAA guidelines.


The Mimecast US Healthcare Pack is managed DLP content to scan, identify, and take action on emails containing protected health information (PHI). Let’s look in more depth at the US Healthcare Pack and how it can help your organization:


  • The pack requires a customer to use Mimecast for gateway services. This includes any of the M, S or D product bundles, as well as legacy UEM products.
  • Managed DLP content is available out-of-the-box and can be enabled for all email addresses quickly and easily. If necessary, the managed content can be extended with additional policies to address organization-specific requirements.
  • To identify PHI, Mimecast will scan attachments and the email body for the presence of:
    • Names
    • Social security numbers
    • ICD-10 codes
    • FDA drug names
    • Driver’s license numbers
    • Claim numbers
    • ...and more
  • Mimecast will update the managed DLP content to remain current with underlying sources. Some sources will be updated on a weekly basis, while others will be updated less frequently. Importantly, as a cloud service, these updates are available immediately to the organization, without administrative action.


If PHI is found in email, there are a number of actions that the organization can take. Administrators can:


  • Reject the message
  • Encrypt the message (this can be done with TLS or used in tandem with Mimecast Secure Messaging)
  • Hold the message for review
  • Convert the file
  • Remove emails with PHI content from internal mailboxes (if the organization uses Mimecast Internal Email Protect and the US Healthcare Pack)


According to the 2017 Verizon Data Breach Report, healthcare is the second most breached industry behind financial services. A big difference is that in healthcare, employees are the predominant reason for a breach. Unfortunately, with highly sensitive PHI data, any employee mistake can have far-reaching consequences. For example, a busy, well-intentioned staff member can carelessly attach a file with PHI to an email.


While less frequent, malicious employees with access to PHI have emailed thousands of patient records to a personal email address. In both cases, the Mimecast US Healthcare Pack will help identify and stop this mail before it leaves the organization.


Interested in learning more? Visit the Mimecast Knowledge Base for more information on the US Healthcare Pack.