Solutions > Regulatory Compliance > HIPAA-Compliant File Sharing

Cerberus FTP Server

HIPAA-Compliant File Sharing

Secure, HIPAA-compliant file transfer for the healthcare industry through industry-leading encryption, detailed auditing, and fine-grained access permissions

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) outlines the minimum standards that need to be met to ensure the confidentiality, privacy, and security of health care information in the Internet environment. HIPAA requires that all health related data transferred over the Internet be done using industry standard encryption protection.

Cerberus FTP Server meets the requirements for HIPAA-compliant file transfer:


  • Provides the necessary access controls to ensure that data is not accessed by unauthorized users.
  • Configured by default to require a minimum 128-bit encryption on all connections to ensure that data in motion is always protected. Information can be further protected by enabling Cerberus FTP Server’s FIPS 140-2 encryption mode.
  • Provides full logging and auditing of all file activity. Access control can be fully configured per user, password policy restrictions enforced, and each user can be assigned individual, distinct home directories.

Case Study – Duke University

Learn how the Duke University School of Medicine  uses Cerberus to stay HIPAA-compliant while sharing protected health information with its medical school researchers.

What to Know About Healthcare File and Data Transfer

Two overarching laws regulate healthcare file transfer – the E.U. General Data Protection Act (GDPR)’s categorization of data concerning health and the U.S.’s Health Insurance Portability and Accountability Act (HIPAA). Below we have listed the core points of each as they relate to secure file transfer of personal health information:

E.U. General Data Protection Act (GDPR)

The GDPR’s Recital 35 defines health data as “all data pertaining to the health status of a data subject which reveal information relating to the past, current or future physical or mental health status of the data subject.”

While the regulation intentionally avoids specifying particular data security technologies or protocols in order to allow room for emerging technologies, when it comes to transfer of health data under the GDPR certain requirements are clear:

Health data must be processed/transferred via secure encryption.

Cerberus FTP Server provides FIPS 140-2 encryption and support for a variety of secure transfer protocols (SFTP, FTPS, HTTPS, SCP, etc.) to support your environment.

A health data processor must be able to trace what data was processed, at what time, and what information that data contained.

Our logging feature combined with Event Manager gives an administrator a complete view of all data processing activities with the ability to trigger and save reports based on server events.

Organizations must be able provide data protection officers and independent evaluators with an overview of their data security practices for review.

While this requirement extends beyond file transfer software, Cerberus FTP Server’s Folder Manager feature allows administrators to create and customize their file retention policies to support data security.

U.S. HIPAA Security Rule

HIPAA’s Security Rule applies to all individually identifiable health information a covered entity creates, receives, maintains or transmits in electronic form. The Security Rule calls this information “electronic protected health information” (e-PHI). Covered Entities must comply with the four technical safeguards listed here.

Access Control

A covered entity must implement technical policies and procedures that allow only authorized persons to access electronic protected health information (e-PHI).

Cerberus FTP Server supports the Access Control requirement by offering LDAP or Active Directory integration with the file-transfer server, as well as a customizable user database.

Audit Controls

A covered entity must implement hardware, software, and/or procedural mechanisms to record and examine access and other activity in information systems that contain or use e-PHI.

Cerberus FTP Server provides detailed reports of client activity based on user names, dates ranges, and file access to meet the audit control requirement.

Integrity Controls

A covered entity must implement policies and procedures to ensure that e-PHI is not improperly altered or destroyed. Electronic measures must be put in place to confirm that e-PHI has not been improperly altered or destroyed.

Cerberus FTP Server’s Folder Manager feature allows administrators to create and customize their file retention policies in order to comply with the HIPAA Integrity Controls requirement.

Transmission Security

A covered entity must implement technical security measures that guard against unauthorized access to e-PHI that is being transmitted over an electronic network.

Cerberus FTP Server provides FIPS 140-2 encryption and support for a variety of secure transfer protocols (SFTP, FTPS, HTTPS, SCP, etc.) to comply with the Security Rule’s Transmission Security requirement.

Try Cerberus FTP Server free for 25 days

  • Live US-based phone & email support
  • Bulletproof reliability
  • Built for complete data control
  • Trouble-free enterprise deployment

Full Feature List

Cerberus FTP Server HIPAA Compliance Icon



Advanced Security

SSH, SSL, FIPS 140-2

MFT Automation

Event, Alert & Sync Tools

Cerberus FTP Server Automated File Transfer Event Manager Icon


Windows Server, Cloud & Virtual

Access Protection

IP, User & Protocol Restriction Tools

Account Management

AD, LDAP, 2FA, SSO & More

Auditing and Reporting

File Access, User and Admin Logging

Cerberus FTP Server Automated File Transfer Event Manager Icon

Administration Tools

API, Sync Manager, & Other Tools

HTTPS Web Portal

Browser-Based Transfer from Any Device

Monitoring & Testing

Automated Network, Load and Access Testing

Regulatory Compliance

Auditing, Retention, & Encryption Tools

Cerberus FTP Server Automated File Transfer Event Manager Icon

Award-Winning Support

Phone, Email, & 24/7/365

Industry-Focused Solutions

Cerberus FTP Server supports a wide range of industry and professional needs. Enhance data security, streamline operations, and ensure compliance with regulations.

Uncompromising Commitment To Customer Satisfaction

Top rated FTP Server for over 20 years
Unwavering dedication to security and compliance
Consistent product updates and security patches
World-class, experienced, US-based support via phone or email
G2 Logo



4.8 / 5

Capterra Logo



4.8 / 5

CNET Downloads Logo

CNET Download


4.8 / 5

Recognized as an industry-leading secure FTP server

Trusted by Companies Like Yours

Uncompromising Customer Satisfaction

Latest News

Bulk Import of IP Addresses via CSV Files

Starting from version 2024.2.0, Cerberus FTP Server has introduced a new feature in the IP Firewall Management section under Firewall Controls > Country and IP Restrictions. This feature allows for the bulk import of IP Addresses and IP Address Ranges using CSV...

What is Managed File Transfer (MFT)?

By some estimates, 463 exabytes of data are created every day. That’s a lot of information for the world’s organizations to manage, and as they exchange ever-growing amounts of data at increasing frequencies, it can be hard for manual file transfer tools to keep up....

Navigating cloud-hosted FTP servers: A comprehensive overview

Over the last decade, cloud-based file transfer has become a heavily used process among many organizations. While cloud FTP solutions provide a good mix of flexibility, scalability and accessibility, they also offer a broad range of implementation options that are...

Explore what Cerberus FTP Server can do for you

  • 25 Day Free Trial
  • No Credit Card Required
  • Up and running in less than 15 mins