The Health Insurance Portability and Accountability Act of 1996 (HIPAA) outlines the minimum standards that need to be met to ensure the confidentiality, privacy, and security of health care information in the Internet environment. HIPAA requires that all health-related data transferred over the Internet be protected with industry-standard encryption.
Cerberus FTP Server meets the requirements for HIPAA-compliant file transfer:
- Provides the necessary access controls to ensure that data is not accessed by unauthorized users.
- Configured by default to require a minimum of 128-bit encryption on all connections to ensure that data in motion is always protected. Information can be further protected by enabling Cerberus FTP Server’s FIPS 140-2 encryption mode.
- Provides full logging and auditing of all file activity. Access control can be fully configured per user, password policy restrictions enforced, and each user can be assigned individual, distinct home directories.
Case Study – Duke University
Learn how the Duke University School of Medicine uses Cerberus to stay HIPAA-compliant while sharing protected health information with its medical school researchers.
What to Know About Healthcare File and Data Transfer
Two overarching laws regulate healthcare file transfer – the E.U. General Data Protection Act (GDPR)’s categorization of data concerning health and the U.S.’s Health Insurance Portability and Accountability Act (HIPAA). Below we have listed the core points of each as they relate to secure file transfer of personal health information:
E.U. General Data Protection Act (GDPR)
The GDPR’s Recital 35 defines health data as “all data pertaining to the health status of a data subject which reveal information relating to the past, current or future physical or mental health status of the data subject.”
While the regulation intentionally avoids specifying particular data security technologies or protocols in order to allow room for emerging technologies, when it comes to transfer of health data under the GDPR certain requirements are clear:
- Health data must be processed/transferred via secure encryption.
- A health data processor must be able to trace what data was processed, at what time, and what information that data contained.
- Organizations must be able to provide data protection officers and independent evaluators with an overview of their data security practices for review.
While this requirement extends beyond file transfer software, Cerberus FTP Server’s Folder Manager feature allows administrators to create and customize their file retention policies to support data security.
U.S. HIPAA Security Rule
HIPAA’s Security Rule applies to all individually identifiable health information a covered entity creates, receives, maintains or transmits in electronic form. The Security Rule calls this information “electronic protected health information” (e-PHI). Covered entities must comply with the four technical safeguards listed here.
- A covered entity must implement technical policies and procedures that allow only authorized persons to access electronic protected health information (e-PHI). Cerberus FTP Server supports the Access Control requirement by offering LDAP or Active Directory integration with the file-transfer server, as well as a customizable user database.
- A covered entity must implement hardware, software, and/or procedural mechanisms to record and examine access and other activity in information systems that contain or use e-PHI. Cerberus FTP Server provides detailed reports of client activity based on user names, date ranges, and file access to meet the audit control requirement.
- A covered entity must implement policies and procedures to ensure that e-PHI is not improperly altered or destroyed. Electronic measures must be put in place to confirm that e-PHI has not been improperly altered or destroyed. Cerberus FTP Server’s Folder Manager feature allows administrators to create and customize their file retention policies in order to comply with the HIPAA Integrity Controls requirement.
- A covered entity must implement technical security measures that guard against unauthorized access to e-PHI that is being transmitted over an electronic network. Cerberus FTP Server provides FIPS 140-2 encryption and support for a variety of secure transfer protocols (SFTP, FTPS, HTTPS, SCP, etc.) to comply with the Security Rule’s Transmission Security requirement.