Jump to content


HIPAA filter is too aggressive

This topic has been archived. This means that you cannot reply to this topic.
4 replies to this topic

#1 Rob Dunn

Rob Dunn
  • Members
  • 3 posts

Posted 16 May 2016 - 03:50 PM

I have several users that are conversing through email and as the thread gets longer, the more likely the messages will get encrypted because an address or privacy statement appears multiple times throughout the message.


This makes this content filter unusable for the most part.  I can't have normal conversations getting encrypted without any clear reason.  So, it would be nice if either: 


  • Ability to add a non-encrypt keyword that would bypass the filter (I've seen this in another topic)
  • Add a line in our email signature that would cause the Barracuda to ignore everything in between (i.e. start signature --- signature contents --- end signature) two predefined lines of text or other identifying info.

At the very least, it would be nice if the filter clearly defined exactly what triggered the encryption...not just HIPAA, etc. - what about HIPAA triggered it?






#2 Rob Dunn

Rob Dunn
  • Members
  • 3 posts

Posted 09 June 2016 - 12:17 PM

So, I've heard no response here, will anyone respond to this to help me?  I've heard that perhaps the next firmware version may help with this. 



#3 Kyle Stewart

Kyle Stewart
  • Members
  • 1 posts

Posted 16 June 2016 - 12:31 PM

I don't have a message in my outbound quarantine at the moment but I know if you look at the Source of the message, it will say what in the message triggered the rule. For us, it's usually someone phone numbers in their signature plus a medical term, which it will give (also sometimes in our users signature (our Dialysis Director was one of them...we had her alter her signature a little)). If I get a false positive in our quarantine later and I think of it, I'll update the thread.

#4 Michael Contumelio

Michael Contumelio
  • Members
  • 3 posts

Posted 20 November 2018 - 10:58 PM

This is apparently still a problem. It's picking up the phone number in our user's signature. I understand the signature is part of the body, but they really need to give us something to minimize these 'false' positives, like exempting certain phone numbers or addresses. I can't believe that Barracuda doesn't already do this. Seems as though they should know better.

#5 George Lama

George Lama
  • Members
  • 3 posts

Posted 27 February 2019 - 10:14 PM

I seldom have users complain about this issue but today things escalated pretty quickly when an important email to our board got encrypted.


Barracuda tech was very helpful in helping me narrow down the cause.  Turns out a resume triggered the encryption.  The culprit? The person is a member of multiple not-for profit foundations with medical conditions in their title related to various illnesses.  Of course, the all-encompassing HIPAA filter clamped down and encrypted the email.


I wish Barracuda would allow us as admins to manage this better, maybe through ESS have the ability to push out the email without encryption once we determine there's nothing requiring encryption as in this case.


As I am not going to break or disable the encryption system, I have to spend time editing a PDF to eliminate the triggers.