Summary:
The policy aims to enforce compliance with the Australian Health Records and Information Privacy (HRIP) Act by monitoring and managing sensitive information, such as medical account numbers and tax file numbers, across organisational data.
🧾 Policy Overview
🧭 Name: E8-IBP-Australia Health Records Act (HRIP Act)
🔐 Purpose: Detects the presence of information regulated under the Health Records and Information Privacy Act (HRIP) in Australia, such as medical account numbers and tax file numbers.
🛠️ Type: Data Loss Prevention (DLP)
📦 Mode: Audit (TestWithoutNotifications)
🧪 Simulation Policy: Yes
📌 Status: Valid
📋 Priority: 2
🔑 Minimum Licensing Requirement: Microsoft 365 Business Premium
🎯 Detection Rules
✅ High Volume Detection
- Triggers on ≥10 instances of either:
  - Australia Tax File Number
  - Australia Medical Account Number
- Confidence Level: ≥85% (High)
- Access Scope: NotInOrganization
- Severity: High
- Generates alerts and incident reports for SiteAdmin
- Notifies: SiteAdmin, LastModifier, Owner
✅ Low Volume Detection
- Triggers on 1–9 instances of the same identifiers
- Same confidence level and access scope
- Severity: Low
- Sends notifications (no alerts or incident reports)
📍 Coverage Scope
Applies to:
- Exchange (emails)
- SharePoint
- OneDrive for Business
- Teams
- On-Premises Scanner
Targets all locations within these services.
