
Cerberus FTP Server

HIPAA-Compliant File Sharing

Secure, HIPAA-compliant file transfer for the healthcare industry through industry-leading encryption, detailed auditing, and fine-grained access permissions

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) outlines the minimum standards that need to be met to ensure the confidentiality, privacy, and security of health care information in the Internet environment. HIPAA requires that all health-related data transferred over the Internet be protected with industry-standard encryption.

Cerberus FTP Server meets the requirements for HIPAA-compliant file transfer:

 

  • Provides the necessary access controls to ensure that data is not accessed by unauthorized users.
  • Configured by default to require a minimum of 128-bit encryption on all connections to ensure that data in motion is always protected. Information can be further protected by enabling Cerberus FTP Server’s FIPS 140-2 encryption mode.
  • Provides full logging and auditing of all file activity. Access control can be fully configured per user, password policy restrictions enforced, and each user can be assigned individual, distinct home directories.

Case Study – Duke University

Learn how the Duke University School of Medicine uses Cerberus to stay HIPAA-compliant while sharing protected health information with its medical school researchers.

What to Know About Healthcare File and Data Transfer

Two overarching laws regulate healthcare file transfer – the E.U. General Data Protection Act (GDPR)’s categorization of data concerning health and the U.S.’s Health Insurance Portability and Accountability Act (HIPAA). Below we have listed the core points of each as they relate to secure file transfer of personal health information:

E.U. General Data Protection Act (GDPR)

The GDPR’s Recital 35 defines health data as “all data pertaining to the health status of a data subject which reveal information relating to the past, current or future physical or mental health status of the data subject.”

While the regulation intentionally avoids specifying particular data security technologies or protocols in order to allow room for emerging technologies, when it comes to transfer of health data under the GDPR certain requirements are clear:

Health data must be processed/transferred via secure encryption.

Cerberus FTP Server provides FIPS 140-2 encryption and support for a variety of secure transfer protocols (SFTP, FTPS, HTTPS, SCP, etc.) to support your environment.

A health data processor must be able to trace what data was processed, at what time, and what information that data contained.

Our logging feature combined with Event Manager gives an administrator a complete view of all data processing activities with the ability to trigger and save reports based on server events.

Organizations must be able to provide data protection officers and independent evaluators with an overview of their data security practices for review.

While this requirement extends beyond file transfer software, Cerberus FTP Server’s Folder Manager feature allows administrators to create and customize their file retention policies to support data security.

U.S. HIPAA Security Rule

HIPAA’s Security Rule applies to all individually identifiable health information a covered entity creates, receives, maintains or transmits in electronic form. The Security Rule calls this information “electronic protected health information” (e-PHI). Covered Entities must comply with the four technical safeguards listed here.

Access Control

A covered entity must implement technical policies and procedures that allow only authorized persons to access electronic protected health information (e-PHI).

Cerberus FTP Server supports the Access Control requirement by offering LDAP or Active Directory integration with the file-transfer server, as well as a customizable user database.

Audit Controls

A covered entity must implement hardware, software, and/or procedural mechanisms to record and examine access and other activity in information systems that contain or use e-PHI.

Cerberus FTP Server provides detailed reports of client activity based on user names, date ranges, and file access to meet the audit control requirement.

Integrity Controls

A covered entity must implement policies and procedures to ensure that e-PHI is not improperly altered or destroyed. Electronic measures must be put in place to confirm that e-PHI has not been improperly altered or destroyed.

Cerberus FTP Server’s Folder Manager feature allows administrators to create and customize their file retention policies in order to comply with the HIPAA Integrity Controls requirement.

Transmission Security

A covered entity must implement technical security measures that guard against unauthorized access to e-PHI that is being transmitted over an electronic network.

Cerberus FTP Server provides FIPS 140-2 encryption and support for a variety of secure transfer protocols (SFTP, FTPS, HTTPS, SCP, etc.) to comply with the Security Rule’s Transmission Security requirement.

Try Cerberus FTP Server free for 25 days

  • Live US-based phone & email support
  • Bulletproof reliability
  • Built for complete data control
  • Trouble-free enterprise deployment

Full Feature List

  • Protocols: FTP, FTP/S, SFTP, SCP, HTTP/S
  • Advanced Security: SSH, SSL, FIPS 140-2
  • MFT Automation: Event, Alert & Sync Tools
  • Environments: Windows Server, Cloud & Virtual
  • Access Protection: IP, User & Protocol Restriction Tools
  • Account Management: AD, LDAP, 2FA, SSO & More
  • Auditing and Reporting: File Access, User and Admin Logging
  • Administration Tools: API, Sync Manager, & Other Tools
  • HTTPS Web Portal: Browser-Based Transfer from Any Device
  • Monitoring & Testing: Automated Network, Load and Access Testing
  • Regulatory Compliance: Auditing, Retention, & Encryption Tools
  • Award-Winning Support: Phone, Email, & 24/7/365

Industry-Focused Solutions

Cerberus FTP Server supports a wide range of industry and professional needs. Enhance data security, streamline operations, and ensure compliance with regulations.

Uncompromising Commitment To Customer Satisfaction

  • Top rated FTP Server for over 20 years
  • Unwavering dedication to security and compliance
  • Consistent product updates and security patches
  • World-class, experienced, US-based support via phone or email

  • G2: 4.8 / 5 stars
  • Capterra: 4.8 / 5 stars
  • CNET Download: 4.8 / 5 stars

Recognized as an industry-leading secure FTP server
