Solutions > Regulatory Compliance > HIPAA-Compliant File Sharing
Cerberus FTP Server
HIPAA-Compliant File Sharing
Secure, HIPAA-compliant file transfer for the healthcare industry through industry-leading encryption, detailed auditing, and fine-grained access permissions
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) outlines the minimum standards that need to be met to ensure the confidentiality, privacy, and security of health care information in the Internet environment. HIPAA requires that all health related data transferred over the Internet be done using industry standard encryption protection.
Cerberus FTP Server meets the requirements for HIPAA-compliant file transfer:
- Provides the necessary access controls to ensure that data is not accessed by unauthorized users.
- Configured by default to require a minimum 128-bit encryption on all connections to ensure that data in motion is always protected. Information can be further protected by enabling Cerberus FTP Server’s FIPS 140-2 encryption mode.
- Provides full logging and auditing of all file activity. Access control can be fully configured per user, password policy restrictions enforced, and each user can be assigned individual, distinct home directories.
Case Study – Duke University
Learn how the Duke University School of Medicine uses Cerberus to stay HIPAA-compliant while sharing protected health information with its medical school researchers.
What to Know About Healthcare File and Data Transfer
Two overarching laws regulate healthcare file transfer – the E.U. General Data Protection Act (GDPR)’s categorization of data concerning health and the U.S.’s Health Insurance Portability and Accountability Act (HIPAA). Below we have listed the core points of each as they relate to secure file transfer of personal health information:
E.U. General Data Protection Act (GDPR)
The GDPR’s Recital 35 defines health data as “all data pertaining to the health status of a data subject which reveal information relating to the past, current or future physical or mental health status of the data subject.”
While the regulation intentionally avoids specifying particular data security technologies or protocols in order to allow room for emerging technologies, when it comes to transfer of health data under the GDPR certain requirements are clear:
Health data must be processed/transferred via secure encryption.
Cerberus FTP Server provides FIPS 140-2 encryption and support for a variety of secure transfer protocols (SFTP, FTPS, HTTPS, SCP, etc.) to support your environment.
A health data processor must be able to trace what data was processed, at what time, and what information that data contained.
Our logging feature combined with Event Manager gives an administrator a complete view of all data processing activities with the ability to trigger and save reports based on server events.
Organizations must be able provide data protection officers and independent evaluators with an overview of their data security practices for review.
While this requirement extends beyond file transfer software, Cerberus FTP Server’s Folder Manager feature allows administrators to create and customize their file retention policies to support data security.
U.S. HIPAA Security Rule
HIPAA’s Security Rule applies to all individually identifiable health information a covered entity creates, receives, maintains or transmits in electronic form. The Security Rule calls this information “electronic protected health information” (e-PHI). Covered Entities must comply with the four technical safeguards listed here.
Access Control
A covered entity must implement technical policies and procedures that allow only authorized persons to access electronic protected health information (e-PHI).
Cerberus FTP Server supports the Access Control requirement by offering LDAP or Active Directory integration with the file-transfer server, as well as a customizable user database.
Audit Controls
A covered entity must implement hardware, software, and/or procedural mechanisms to record and examine access and other activity in information systems that contain or use e-PHI.
Cerberus FTP Server provides detailed reports of client activity based on user names, dates ranges, and file access to meet the audit control requirement.
Integrity Controls
A covered entity must implement policies and procedures to ensure that e-PHI is not improperly altered or destroyed. Electronic measures must be put in place to confirm that e-PHI has not been improperly altered or destroyed.
Cerberus FTP Server’s Folder Manager feature allows administrators to create and customize their file retention policies in order to comply with the HIPAA Integrity Controls requirement.
Transmission Security
A covered entity must implement technical security measures that guard against unauthorized access to e-PHI that is being transmitted over an electronic network.
Cerberus FTP Server provides FIPS 140-2 encryption and support for a variety of secure transfer protocols (SFTP, FTPS, HTTPS, SCP, etc.) to comply with the Security Rule’s Transmission Security requirement.
For more information:
Try Cerberus FTP Server free for 25 days
- Live US-based phone & email support
- Bulletproof reliability
- Built for complete data control
- Trouble-free enterprise deployment
Full Feature List
Protocols
FTP, FTP/S, SFTP, SCP, HTTP/S
Advanced Security
SSH, SSL, FIPS 140-2
MFT Automation
Event, Alert & Sync Tools
Environments
Windows Server, Cloud & Virtual
Access Protection
IP, User & Protocol Restriction Tools
Account Management
AD, LDAP, 2FA, SSO & More
Auditing and Reporting
File Access, User and Admin Logging
Administration Tools
API, Sync Manager, & Other Tools
HTTPS Web Portal
Browser-Based Transfer from Any Device
Monitoring & Testing
Automated Network, Load and Access Testing
Regulatory Compliance
Auditing, Retention, & Encryption Tools
Award-Winning Support
Phone, Email, & 24/7/365
Industry-Focused Solutions
Cerberus FTP Server supports a wide range of industry and professional needs. Enhance data security, streamline operations, and ensure compliance with regulations.
Uncompromising Commitment To Customer Satisfaction
G2
4.8 / 5
Capterra
4.8 / 5
CNET Download
4.8 / 5
Recognized as an industry-leading secure FTP server
Trusted by Companies Like Yours
Uncompromising Customer Satisfaction
Latest News
File transfer in a “Web 3” environment
Are we about to enter the third era of the World Wide Web and secure file transfer? Many technology experts and journalists feel that we are about to enter a new era of data transfer built on HTTP/3. As more server operating systems support the protocol, data and...
SFTP commands: Details and guide
SFTP commands: Details and guide Cerberus by Redwood provides SFTP transfer operations via a GUI or API. However, more advanced SFTP users may seek to initiate transfers from their command lines. To support these users, we’ve provided a detailed look at the various...
Common SFTP server issues: Solved
Maintaining SFTP servers requires addressing a few common issues that seem to crop up regularly. To help SFTP server administrators, we polled our support team on the most common SFTP server issues they see and the solutions below. 1. Connection issues Connection...
Explore what Cerberus FTP Server can do for you
- 25 Day Free Trial
- No Credit Card Required
- Up and running in less than 15 mins