2 Replies Latest reply on Mar 30, 2015 1:11 PM by shanegibeault

    Help with Advanced Rule & Email Template creation

    shanegibeault

      I work in a HIPAA compliant environment.  Our business is built around HIPAA compliance.  We use LEM to monitor our network and users to ensure compliance.  One filter we have setup alerts us if anyone moves a patients folder on a secure share.   What usually occurs, is a user in a hurry accidentally drags a folder into another folder while moving the mouse too quickly while clicking to open a folder.  When we get the alert we can move the folder back to its root folder.  The Directors in that department want to be alerted anytime this happens so that they can coach and discipline repeat offenders, as it does seem to happen to the same people repeatedly.  I created a rule & group that would send out the following alert. 

      Group.JPG

       

      It works, no problem.  The directors get the following alert via e-mail when I tested it.  I changed some of the information for security.

       

       

      A HIPAA folder on SERVER.domain.net has been moved or deleted.

       

      Time of deletion/move: 2015-03-27 10:25:10.0

       

      User: John.Doe       

      User's domain: DOMAIN

       

       

      File/Folder: G:\Portal_HIPAA\SHARE\Medical Facility\PatientLast.PatientFirstName\Year\Month

       

      Server: SERVER.domain.net

       

       

      My problem is the "File/Folder:" section.  HIPAA compliance dictates that a patients name is considered Personal Health Information (PHI) and cannot be shared without the patients consent.  So if my e-mail alert went out in production, all the e-mail recipients would see that patients name and we could be fined by the government.  I need a way to ONLY show "File/Folder: G:\Portal_HIPAA\SHARE\Medical Facility" and keep it from putting in the patients name.  Since the patients folder is their name I can't figure out a way to do it.  The rule picks up the entire file path and sends it off.  I need it to only report the medical facility until we setup our internal secure e-mail.  Any help you guys can offer would be much appreciated!