Our highly scalable, HIPAA Compliant Secure FTP Server is built with security in mind. Its purpose is to protect files that contain Protected Health Information (PHI).
HIPAA Security Standard §164.306 requires covered entities and their business associates to ensure the confidentiality, integrity, and availability of electronic protected health information (ePHI), both at rest and in transit. Specifically, these HIPAA protections require data servers to be effectively configured and maintained to:
File Transfer Protocol (FTP) is the long-standing network protocol for moving files between a client and a server: a set of rules that determines how a client "talks" to the server and what it receives back in the form of requested data. But transmitting ePHI over plain FTP is not secure. FTP carries both its commands and the file contents as unencrypted text, so anyone positioned on the network path between client and server can read sensitive and confidential files as they pass, and an attacker who gains that position can exploit the confidential information of others.
The same is true of the user's authentication credentials (i.e., username and password), which determine the account's permissions on the server: FTP sends them as plain USER and PASS commands on the same unencrypted connection as the data. Unprotected credentials are an easy target, and can be captured ("sniffed") by anyone able to observe the traffic, whether an attacker on a shared network, a compromised router, or malware on a machine along the path. Leaving credentials unprotected is tantamount to leaving the front door open: an attacker who captures them can log in as a legitimate user, copy the data, or hold it hostage. For these reasons FTP is an insufficient protocol for the transmission of sensitive ePHI, which HIPAA compliance requires to be protected in transit.
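To make the point concrete, here is an added example (not from the original page) that parses a constructed FTP control-channel capture, the text an on-path observer sees on TCP port 21, and pulls out everything it exposes: the credentials, the requested file names, and the address of the separate data connection that carries the file contents, also in the clear. The host name, user name, password and file name in the sample are made up.

```python
"""Added example (not from the original page): what an on-path observer can
read from a plain FTP session. The capture below is constructed, not real."""
import re

# Constructed sample of an FTP control-channel conversation on TCP port 21.
# RFC 959 defines commands and replies as plain text lines ending in CRLF,
# so this is literally what passes over the wire.
CAPTURE = (
    b"220 ftp.example-clinic.invalid FTP server ready\r\n"
    b"USER jdoe\r\n"
    b"331 Password required for jdoe\r\n"
    b"PASS Winter2024!\r\n"
    b"230 User jdoe logged in\r\n"
    b"PASV\r\n"
    b"227 Entering Passive Mode (192,0,2,10,195,80)\r\n"
    b"RETR patient_12345_xray.dcm\r\n"
    b"150 Opening BINARY mode data connection\r\n"
    b"226 Transfer complete\r\n"
)

# A 227 reply encodes the data-connection endpoint as h1,h2,h3,h4,p1,p2.
PASV_RE = re.compile(rb"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_ftp_control(capture: bytes) -> dict:
    """Extract credentials, transferred file names and data-channel endpoints."""
    found = {"user": None, "password": None, "files": [], "data_endpoints": []}
    for line in capture.split(b"\r\n"):
        if not line:
            continue
        verb, _, rest = line.partition(b" ")
        arg = rest.decode("utf-8", "replace")
        verb = verb.upper()
        if verb == b"USER":
            found["user"] = arg
        elif verb == b"PASS":
            found["password"] = arg          # sent in the clear on every login
        elif verb in (b"RETR", b"STOR"):
            found["files"].append(arg)       # file names leak too
        elif verb == b"227":
            m = PASV_RE.search(line)
            if m:
                h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
                # The file bytes themselves travel over this second, equally
                # unencrypted TCP connection (the one firewalls struggle with).
                found["data_endpoints"].append((f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2))
    return found


def credential_alerts(capture: bytes) -> list:
    """Detection view of the same traffic: one alert per cleartext PASS command."""
    alerts = []
    for line in capture.split(b"\r\n"):
        if line.upper().startswith(b"PASS "):
            alerts.append("cleartext FTP password observed on control channel")
    return alerts


if __name__ == "__main__":
    result = parse_ftp_control(CAPTURE)
    print(f"user={result['user']} password={result['password']}")
    print("files:", result["files"])
    print("data connection:", result["data_endpoints"])
    print("\n".join(credential_alerts(CAPTURE)))
```

The same few lines, pointed at port 21 traffic, double as a detection rule for the defender: any PASS command on the wire means a credential just crossed the network unprotected, and the 227 reply tells you where the file contents are about to go.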
In contrast, Secure File Transfer Protocol (SFTP, formally the SSH File Transfer Protocol) runs as a subsystem of SSH (Secure Shell, an authenticated, encrypted protocol), so the client verifies the server, the server authenticates the user, and every command and file byte travels inside the encrypted SSH session. This allows the safe transmission and retrieval of sensitive data files from networked hosts, including remote, cloud-based servers. SFTP is also firewall friendly: it uses the single SSH port rather than FTP's separate, dynamically negotiated data connections. And it gives clients strong authentication options (SSH keys as well as passwords), a rich set of file attributes, and directory listings from the server. Note that SFTP is a different protocol from FTPS (FTP over TLS); the SSH-based one is what this server provides. So, for example, FileZilla connecting over plain FTP is not a HIPAA-compliant setup, but the same client becomes part of one when it connects to the server over SFTP.
In addition to securing the data stream, VM Racks' Secure FTP Server provides a host of resources for protecting sensitive data and maintaining HIPAA compliance, including network security tools, password management, and strong encryption. Our SFTP server is also highly scalable, allowing you to add or remove storage as needed. Windows SFTP servers are available, but because of the extra cost of Windows licenses customers usually choose a Linux SFTP server.
VM Racks' network security tools provide a robust defense against the latest threats to PHI, adding layers of protection around the server and the data stream. Anti-virus, anti-malware, vulnerability scanning, and host intrusion detection work together to repel the constant stream of attacks from cyber criminals looking to exploit confidential data.
Storing a list of frequently reused, unprotected passwords on a computer or other device that may fall into the wrong hands is asking for trouble. VM Racks' SFTP server includes password management tools: VM Racks tracks all account passwords in an easy-to-use management system, and each SFTP user can look up or reset their own password.
Files stored on VM Racks' Secure FTP server are encrypted at rest with AES-256 symmetric cryptography. HIPAA compliance is also maintained for data in transit: the SSH session authenticates the server with a 2048-bit RSA key and encrypts the session with a symmetric cipher negotiated during key exchange, so neither credentials nor file contents ever cross the network in the clear.
VM Racks staff are alerted if an anomalous condition arises, and engineers are available 24/7 to react to any incident that requires attention. VM Racks also offers two options for controlling access to the SFTP server: 1.) Two Factor Authentication (2FA), which adds a second factor to user sign-on; or 2.) Source IP Exclusion, in which scripted rules define which client IP addresses are allowed to reach the server and all others are blocked.
Medical Transcriptions from Remote Employees or Contractors
Storage of Images and Video with PHI (X-Rays, Diagnostics, Screenings, etc.)
Providers and Laboratories Transmitting EMRs
Documents are transferred through an encrypted SSH tunnel. The server's 2048-bit RSA key authenticates it during the SSH key exchange, and the session keys derived from that exchange encrypt the traffic, preventing unauthorized access to a document while it travels between your office and the SFTP server in the VM Racks secure data center.
The SFTP server's hard drive is encrypted, so stored documents reside in an encrypted container, meeting HIPAA's requirement to protect ePHI at rest.
Encryption at rest is AES-256.
Each SFTP user is confined to its own directory, isolated from its neighbors, so a user cannot browse to, view, or manipulate the files uploaded by another user.
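On a Linux SFTP server running OpenSSH, the per-user isolation just described and the source IP restriction described earlier are both expressed in sshd_config. The following is an added example, not VM Racks' configuration, that renders such a fragment and runs a pre-flight check for the directory-ownership rule sshd enforces before it will chroot a user. The group name sftponly, the base path /srv/sftp, the account jdoe and the client addresses are assumptions chosen for illustration.

```python
"""Added example (not VM Racks' configuration): per-user chroot isolation and a
source-address allow-list for SFTP accounts in OpenSSH, with a check for the
chroot-ownership rule sshd enforces. Group name, paths and addresses are assumed."""
from __future__ import annotations

import os
import stat
import tempfile
from pathlib import Path
from typing import Optional


def render_sftp_config(group: str, base: str, allowed: list[str]) -> str:
    """sshd_config fragment: SFTP-only group, chrooted per user, allowed addresses only.

    Match blocks apply until the next Match line, so this belongs at the end of
    sshd_config. ForceCommand internal-sftp means the account never gets a shell,
    whatever its login shell is; the forwarding options close the other routes an
    SFTP-only account could use to reach the network behind the server.
    """
    allow = ",".join(allowed)
    deny = ",".join(f"!{a}" for a in allowed) + ",*"  # every address not in the list
    return "\n".join([
        "# internal-sftp runs inside sshd, so the chroot needs no binaries or libraries.",
        "Subsystem sftp internal-sftp",
        "",
        f"Match Group {group} Address {allow}",
        f"    ChrootDirectory {base}/%u",
        "    ForceCommand internal-sftp",
        "    AllowTcpForwarding no",
        "    AllowAgentForwarding no",
        "    X11Forwarding no",
        "    PermitTunnel no",
        "",
        "# Same group from any other source address: refuse the login outright.",
        f"Match Group {group} Address {deny}",
        f"    DenyGroups {group}",
        "",
    ])


def chroot_problems(chroot: str, top: str = "/", root_uid: int = 0,
                    user_uid: Optional[int] = None, upload_subdir: str = "upload") -> list[str]:
    """Return why sshd would reject `chroot` as a ChrootDirectory (empty list = OK).

    sshd refuses to chroot unless the directory and every path component above it
    (walked here up to `top`) are owned by root and neither group- nor world-writable.
    So the user cannot write into the chroot root itself and needs a separate,
    user-owned subdirectory to upload into.
    """
    problems: list[str] = []
    chroot_path = Path(chroot).resolve()
    top_path = Path(top).resolve()
    for component in [chroot_path, *chroot_path.parents]:
        st = component.stat()
        if st.st_uid != root_uid:
            problems.append(f"{component}: owned by uid {st.st_uid}, expected {root_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append(f"{component}: group- or world-writable")
        if component == top_path:
            break
    upload = chroot_path / upload_subdir
    if not upload.is_dir():
        problems.append(f"{upload}: missing; the user needs a writable directory inside the chroot")
    elif user_uid is not None and upload.stat().st_uid != user_uid:
        problems.append(f"{upload}: owned by uid {upload.stat().st_uid}, expected SFTP user {user_uid}")
    return problems


def demo() -> tuple[list[str], list[str]]:
    """Build a throwaway tree shaped like /srv/sftp/jdoe and check it twice: laid
    out correctly, then with the classic mistake of a group-writable chroot root.
    Runs as the current user, so our own uid stands in for root in the check."""
    me = os.getuid()
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "srv" / "sftp"
        chroot = base / "jdoe"
        (chroot / "upload").mkdir(parents=True)
        for d in (base.parent, base, chroot):
            d.chmod(0o755)                 # owner-writable only, as sshd requires
        (chroot / "upload").chmod(0o700)   # the user's own writable area
        good = chroot_problems(str(chroot), top=tmp, root_uid=me, user_uid=me)
        chroot.chmod(0o775)                # the mistake sshd rejects
        bad = chroot_problems(str(chroot), top=tmp, root_uid=me, user_uid=me)
    return good, bad


if __name__ == "__main__":
    print(render_sftp_config("sftponly", "/srv/sftp", ["192.0.2.0/24", "198.51.100.7"]))
    good, bad = demo()
    print("correct layout:", good or "OK")
    print("group-writable chroot:", bad)
```

The ownership check is the part that bites in practice: a chroot root the user can write to makes sshd reject the login with a "bad ownership or modes for chroot directory component" error, which is why each account gets a root-owned home and a user-owned upload directory inside it. The source-address allow-list in the second Match block is usually also enforced at the host firewall; where a second authentication factor is required, the AuthenticationMethods keyword in the same Match block is where it is wired in.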
VM Racks tracks account passwords in an easy-to-use management system, so each SFTP user can look up or reset their own password.
VM Racks is diligent in monitoring the Secure FTP server. Using enterprise monitoring techniques, VM Racks staff are alerted if an anomalous condition arises, and engineers are available 24/7 to react to any incident that requires attention.