At Cerberus, we often receive questions related to HIPAA compliance and HIPAA-compliant file transfer. In this post, we address a number of those questions so you can feel comfortable when working with patient data.

How Does HIPAA Govern Health Care Data Transfer?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) outlines the minimum standards that must be met to ensure the confidentiality, privacy, and security of patient health care information in the United States. One of its most significant requirements is the HIPAA Security Rule, which establishes a national set of security standards for the electronic storage and transmission of Protected Health Information.

Which Businesses/Industries Must Comply with HIPAA’s Security Rule?

HIPAA identifies a number of “covered entities” that fall under its regulation. These entities include health care providers, health plans, and health care clearinghouses. Crucially, any “business associate” of these covered entities must also comply with HIPAA’s Security Rule for patient data.

You can learn whether your organization must comply with HIPAA’s Security Rule at this link. In short, if your organization handles protected health information (PHI) in electronic format, then you must comply with HIPAA rules.

What is Protected Health Information?

Any information about health status, the provision of care, or payment for that care that can be used to identify an individual is classified as Protected Health Information (PHI), or ePHI when the information is stored or transmitted electronically.

How Should You Configure Your FTP Server to Ensure HIPAA Compliance?

HIPAA’s Security Rule clearly defines the types of file and data transfer safeguards that must be in place for compliance. These include:

Choosing the Right FTP Server for HIPAA Compliance

HIPAA was written to give covered entities and their business associates the flexibility to choose their own solutions for secure ePHI file transfer. The Security Rule safeguards outlined above give you a starting point as you compare different servers. A HIPAA-compliant FTP server must support:

  • Integration with or authentication against your user database, along with different user roles
  • The ability to create detailed logs and usage reports
  • Support for file retention policies
  • The latest file transfer encryption protocols

If you need to meet the above requirements, Cerberus FTP Server’s Enterprise Edition may be an ideal solution for you.