To protect leakage of sensitive data and to provide HIPAA compliance, the Barracuda Web Security Gateway can be configured to detect, capture and archive specific data patterns such as credit card numbers, Social Security numbers (U.S.), HIPAA and privacy information. Use the Suspicious Keywords and Data Patterns feature on the BLOCK/ACCEPT > Web App Monitor page to configure. See also How to Configure Web Application Monitoring.
SSL Inspection and HIPAA Compliance
When the SSL Inspection feature is turned on, the Barracuda Web Security Gateway can be configured to decrypt HTTPS content in user web requests, including search strings, chat/share/comments and other content in order to capture that content and archive if necessary. Note that, in order to comply with HIPAA regulations, domains belonging to the categories Finance & Investment (in the Commerce supercategory) and Health & Medicine (in the Information supercategory) SHOULD NOT BE SSL inspected. If those categories are added to the Inspected Categories table in the Inspected Categories section of the ADVANCED > SSL Inspection page, all domains in those categories will be exempt from SSL Inspection to comply with HIPAA regulations. See also Using SSL Inspection With the Barracuda Web Security Gateway.