
Our highly scalable, HIPAA Compliant Secure FTP Server is built with security in mind. Its purpose is to protect files that contain Protected Health Information (PHI).

HIPAA Security Standard §164.306 requires covered entities and their business associates to ensure the integrity, confidentiality, and availability of electronic protected health information (ePHI), both at rest and in transmission. Specifically, these HIPAA protections require data servers to be effectively configured and maintained.

The prices for sFTP are as follows:

Starting at $199/mo, 24-month term
Starting at $225/mo, 12-month term
Starting at $249/mo, month to month

Is FTP HIPAA Compliant?

The standard network protocol (the sending and receiving rules for the transfer of computer files between clients and a server) is called File Transfer Protocol (FTP). These rules essentially determine how a computer “talks” to a server, and what it receives back in the form of requested data. But communications of ePHI through a generic file transfer protocol are not secure, and may be compromised by hackers seeking to exploit the confidential information of others. This is primarily because such data is unencrypted, meaning anyone who gains access to the sensitive and confidential files can read them.

In addition, a user’s authentication credentials (i.e., username and password), which determine account permissions for access to secure data, are included along with the client-server data transfer. Unprotected credentials may be easily targeted and “sniffed” by hackers who are skilled at using viruses to breach networks likely to transmit ePHI. Not having protected credentials is tantamount to leaving the front door open, allowing would-be attackers to enter and hold sensitive data hostage. For these reasons, FTP is an insufficient protocol for the secure transmission of sensitive ePHI, and secure transmission is a must for HIPAA compliance.

Secure File Transfer

In contrast, Secure File Transfer Protocol (sFTP) has the unique ability to leverage an SSH connection (a Secure Shell, or authenticated cryptographic protocol). This allows the safe transmission and retrieval of sensitive data files from networked hosts, including remote, cloud-based servers. An sFTP connection also has the advantage of being firewall friendly, as well as providing clients with strong authentication options, a robust set of file attributes, and directory information from the server. So, for example, FileZilla isn’t HIPAA compliant, but it could be when you secure the FTP connection with the SFTP solution.

Details and Features of Secure FTP

In addition to providing a secure connection for the data stream, HIPAA Vault’s Secure FTP Server provides a host of resources for protecting sensitive data and maintaining HIPAA compliance, including security tools, password protection, and advanced encryption. Our sFTP server is also highly scalable, allowing you to add or subtract storage as needed. Windows SFTP Servers are available, but because of the extra cost of Windows licenses, customers usually choose a Linux SFTP Server.

HIPAA Vault also offers two options for allowing access to the sFTP server: (1) Two-Factor Authentication (2FA), which adds an extra layer of sign-on security for users; or (2) Source IP Exclusion, in which scripting can be used to control which IP addresses are blocked from server access, and which are allowed.

Two Factor Authentication

Source IP Exclusion
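
One way to script the Source IP Exclusion check described above, as an added example that is not HIPAA Vault's own code. It assumes the server runs OpenSSH, and the allow/block networks and log lines are constructed; it flags every authentication event whose source address falls outside the policy.

```python
import ipaddress
import re

# Assumed policy (constructed values): the block list wins over the allow list.
ALLOW = ["198.51.100.0/24", "2001:db8:10::/48"]
BLOCK = ["198.51.100.128/25"]

# Constructed sample lines in OpenSSH sshd auth-log format (assumed server software).
SAMPLE_LOG = """\
Mar  3 09:14:02 sftp01 sshd[2211]: Accepted publickey for transcribe1 from 198.51.100.23 port 50122 ssh2
Mar  3 09:15:40 sftp01 sshd[2230]: Failed password for labuser from 203.0.113.77 port 41810 ssh2
Mar  3 09:16:05 sftp01 sshd[2241]: Accepted password for labuser from 198.51.100.200 port 41999 ssh2
Mar  3 09:17:19 sftp01 sshd[2250]: Accepted publickey for imaging from 2001:db8:10::5 port 60001 ssh2
Mar  3 09:18:00 sftp01 sshd[2260]: Failed password for invalid user admin from 192.0.2.9 port 33000 ssh2
"""

LINE_RE = re.compile(
    r"sshd\[\d+\]: (Accepted|Failed) \S+ for (?:invalid user )?(\S+) from (\S+) port \d+"
)


def source_permitted(ip, allow=ALLOW, block=BLOCK):
    """True only if ip is inside an allowed network and in no blocked network."""
    addr = ipaddress.ip_address(ip)
    if any(addr in ipaddress.ip_network(n) for n in block):
        return False
    return any(addr in ipaddress.ip_network(n) for n in allow)


def audit(log_text):
    """Return (outcome, user, ip) for each auth event from a non-permitted source."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        outcome, user, ip = m.groups()
        try:
            permitted = source_permitted(ip)
        except ValueError:  # not a parseable address: treat as not permitted
            permitted = False
        if not permitted:
            findings.append((outcome, user, ip))
    return findings


if __name__ == "__main__":
    for outcome, user, ip in audit(SAMPLE_LOG):
        # An "Accepted" event here means the IP restriction is not being enforced.
        print(f"{outcome:8} {user:12} {ip}")
```

An "Accepted" finding, such as the 198.51.100.200 login in the sample, indicates that the address restriction is not actually in effect for that range and the firewall or daemon rules need review.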

HIPAA Compliant FTP Server Benefits

  • Secure and encrypted transfer to the FTP server
  • Completely secure file transfers to the sFTP Server, utilizing RSA Key Exchange for encryption
  • An encrypted hard drive, ensuring safe storage of PHI in HIPAA Vault’s Secure Data Centers
  • 2 administrative users and unlimited sFTP user accounts
  • Highly scalable – easily add or remove storage as needed
  • 24/7 sFTP Server monitoring by HIPAA Vault engineers, utilizing enterprise monitoring techniques
  • Managed password policies, with regular changes for increased security
  • Linux Server, available with two-factor authentication or Source IP Exclusion
  • Signed Business Associate Agreement

Common Deployments for SFTP Server

Medical Transcriptions from Remote Employees or Contractors
Storage of Images and Video with PHI (X-Rays, Diagnostics, Screenings, etc.)
Providers and Laboratories Transmitting EMRs

Secure SSH Protocol

Documents are transferred over a secure tunnel using RSA Key Exchange for encryption. The encryption prevents unauthorized access during the transmission of the document between your office and the FTP server located in the HIPAA Vault secure data center.

Encrypted Hard Disk

The hard drive of the SFTP server is encrypted to ensure that the documents reside in an encrypted container, which meets HIPAA guidelines.

The type of encryption used is AES-256.

Isolation between FTP Users

Each FTP user is isolated from its neighbor, which prevents the FTP user from wandering over and attempting to view or manipulate the files uploaded by another FTP user.

Password Management

HIPAA Vault keeps track of the passwords in an easy-to-use management system, so that each FTP user can recall or even reset their own password.

HIPAA FTP Monitoring

HIPAA Vault is diligent in monitoring the Secure FTP server. Employing enterprise monitoring techniques, HIPAA Vault staff is alerted if an anomalous condition arises. Engineers are available 24/7 to react during an incident that requires attention.

HIPAA FTP Monitoring

  • Secure and encrypted transfer to the FTP server
  • Encrypted data at-rest and in-transit
  • Anti-Virus protection
  • Anti-malware protection
  • Vulnerability Scanning
  • Host Intrusion Detection
  • Password Management
  • Monitoring
  • Signed Business Associate Agreement
