HIPAA Compliant FTP Server

Secure FTP Server

Protects Files During FTP Transmission

Our highly scalable, HIPAA Compliant Secure FTP Server is built with security in mind. Its purpose is to protect files that contain Protected Health Information (PHI).

HIPAA Security Standard §164.306 requires covered entities and their business associates to ensure the integrity, confidentiality, and availability of electronic protected health information (ePHI), both at rest and in transmission. Specifically, these HIPAA protections require data servers to be effectively configured and maintained to:

  • Preserve Data Integrity – Anticipate any hazards/threats to ePHI, and take all necessary steps to protect it from data loss or corruption.
  • Preserve Data Confidentiality – Anticipate the potential for unauthorized access and disclosures, and protect against them.
  • Preserve Data Availability – Ensure that data continues to be accessible for required levels of performance, and implement necessary security policies and procedures (including redundancy, network protection, and optimization) to maintain availability.

Is FTP HIPAA Compliant?

File Transfer Protocol (FTP) is the standard network protocol (the sending and receiving rules) for the transfer of computer files between clients and a server. These rules essentially determine how a computer “talks” to a server, and what it receives back in the form of requested data. But communications of ePHI through a generic file transfer protocol are not secure, and may be compromised by hackers seeking to exploit the confidential information of others. This is primarily because such data is unencrypted, meaning anyone who accesses the sensitive and confidential files can read them.

In addition, a user’s authentication credentials (i.e., username and password), which determine account permissions for access to secure data, are included along with the client-server data transfer. Unprotected credentials may be easily targeted and “sniffed” by hackers who are skilled at using viruses to breach networks likely to transmit ePHI. Not having protected credentials is tantamount to leaving the front door open, allowing would-be attackers to enter and hold sensitive data hostage. For these reasons, FTP is an insufficient protocol for the secure transmission of sensitive ePHI, and secure transmission is a must for HIPAA compliance.
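The exposure described above can be checked on a captured FTP control channel. The following is an added example, not VM Racks code: it audits a capture for credentials and file names sent before any TLS upgrade (`AUTH TLS` answered with reply `234`). The two sessions, the host name, and the function name are constructed for illustration.

```python
# Added illustration: constructed FTP control-channel captures using standard
# FTP commands (USER, PASS, RETR, STOR, AUTH TLS). All names are hypothetical.
import re

# Constructed client (C:) and server (S:) lines as a passive observer sees them.
PLAIN_SESSION = """\
S: 220 ftp.example.test ready
C: USER transcription01
S: 331 Password required
C: PASS constructed-sample-pw
S: 230 Login successful
C: RETR report.pdf
"""

FTPS_SESSION = """\
S: 220 ftp.example.test ready
C: AUTH TLS
S: 234 Proceed with negotiation
"""  # after 234 the channel is TLS, so no further commands are readable

LINE = re.compile(r"^(?P<side>[CS]):\s*(?P<word>\S+)\s*(?P<arg>.*)$")

def audit_control_channel(capture: str) -> dict:
    """Report what a passive observer of this capture could read."""
    findings = {"tls_negotiated": False, "exposed_credentials": [], "exposed_files": []}
    auth_pending = False
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        side, word, arg = m["side"], m["word"].upper(), m["arg"].strip()
        if side == "C" and word == "AUTH" and arg.upper() in ("TLS", "SSL"):
            auth_pending = True
        elif side == "S" and auth_pending:
            findings["tls_negotiated"] = word == "234"
            auth_pending = False
            if findings["tls_negotiated"]:
                break  # everything after this point is encrypted
        elif side == "C" and word in ("USER", "PASS"):
            # Record the field and its length only; never copy the secret out.
            findings["exposed_credentials"].append((word, len(arg)))
        elif side == "C" and word in ("RETR", "STOR"):
            findings["exposed_files"].append(arg)
    return findings
```

Any non-empty `exposed_credentials` list means the login crossed the network in cleartext and the account should be treated as compromised.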

Secure File Transfer

In contrast, Secure File Transfer Protocol (sFTP) has the unique ability to leverage an SSH connection (a Secure Shell, or authenticated cryptographic protocol). This allows the safe transmission and retrieval of sensitive data files from networked hosts, including remote, cloud-based servers. An sFTP connection also has the advantage of being firewall friendly, as well as providing clients with strong authentication options, a robust set of file attributes, and directory information from the server. So, for example, Filezilla isn’t HIPAA compliant, but it could be when you secure the FTP connection with the SFTP solution.

Details and Features of Secure FTP

In addition to providing a secure connection for the data stream, VM Racks’ Secure FTP Server provides a host of resources for protecting sensitive data and maintaining HIPAA compliance, including security tools, password protection, and advanced encryption. In addition, our sFTP server is highly scalable, allowing you to add or subtract storage as needed. Windows SFTP Servers are available, but because of the extra cost of Windows licenses customers usually choose a Linux SFTP Server.

Security Tools

VM Racks network security tools provide a robust defense against the latest threats that would compromise PHI, working to protect the environment and surround the data stream with added layers of protection. Tools such as Anti-Virus, Anti-Malware, Vulnerability Scanning, and Host Intrusion Detection work to repel the waves of threats from cyber criminals looking to exploit confidential data.

Password Protection

The practice of storing a list of repetitively used, unprotected passwords on a computer or other device that may fall into the wrong hands is only asking for trouble. With VM Racks sFTP server, Password Management tools are provided. VM Racks keeps track of all passwords in an easy to use management system, and allows each sFTP user to recall or even reset their own password.

Encryption

Utilizing VM Racks Secure FTP server ensures that files in the cloud are encrypted with AES-256 symmetric cryptography. HIPAA compliance is also maintained for data in transit, which is encrypted using an RSA 2048-bit key.

VM Racks staff is alerted if any anomalous condition arises, and engineers are available 24/7 to react to an incident that requires attention. VM Racks also offers two options for allowing access to the sFTP server: 1.) Two Factor Authentication (2FA), which adds an extra layer of sign-on security for users; or 2.) Source IP Exclusion, in which scripting can be used to control which IP addresses are blocked from server access, and which are allowed.

Two Factor Authentication

Source IP Exclusion

HIPAA Compliant FTP Server Benefits

  • Secure and encrypted transfer to the FTP server
  • Completely secure file transfers to the sFTP Server, utilizing RSA Key Exchange for encryption
  • An encrypted hard drive, ensuring safe storage of PHI in VM Racks’ Secure Data Centers
  • 2 administrative users; and unlimited sFTP user accounts
  • Highly scalable – easily add or remove storage as needed
  • 24/7 sFTP Server monitoring by VM Racks engineers, utilizing enterprise monitoring techniques
  • Managed password policies, with regular changes for increased security
  • Linux Server, available with two-factor authentication or Source IP Exclusion
  • Signed Business Associate Agreement

Common Deployments for SFTP Server

  • Medical Transcriptions from Remote Employees or Contractors
  • Storage of Images and Video with PHI (X-Rays, Diagnostics, Screenings, etc.)
  • Providers and Laboratories Transmitting EMRs

Secure SSH Protocol

Documents are transferred over a secure tunnel using RSA Key Exchange for encryption. The encryption prevents unauthorized access during the transmission of the document between your office and the FTP server located in the VM Racks secure data center.

Encrypted Hard Disk

The hard drive of the SFTP server is encrypted to ensure that the documents reside in an encrypted container, which meets HIPAA guidelines.

The type of encryption is AES-256.

Isolation between FTP Users

Each FTP user is isolated from its neighbor, which prevents the FTP user from wandering over and attempting to view or manipulate the files uploaded by another FTP user.

Password Management

VM Racks keeps track of the passwords in an easy to use management system, so that each FTP user can recall or even reset their own password.

HIPAA FTP Monitoring

VM Racks is diligent in monitoring the Secure FTP server. Employing enterprise monitoring techniques, VM Racks staff is alerted if an anomalous condition arises. Engineers are available 24/7 to react during an incident that requires attention.

The protection is at several levels including:

  • Secure and encrypted transfer to the FTP server
  • Encrypted data at-rest and in-transit
  • Anti-Virus protection
  • Anti-malware protection
  • Vulnerability Scanning
  • Host Intrusion Detection
  • Password Management
  • Monitoring
  • Signed Business Associate Agreement
