HIPAA Compliant FTP Server

Secure FTP Server

Protects Files During FTP Transmission

The HIPAA Compliant Secure FTP Server is built with security in mind. It’s purpose is to protect files that contain Protected Health Information (PHI).

HIPAA Security Standard §164.306 requires covered entities and their business associates to ensure the integrity and confidentiality of electronic protected health information (ePHI), both in storage (at rest) or transmission. But communications through a generic file transfer protocol (FTP) are not secure, rendering it insufficient for the transmission of sensitive ePHI.  Secure File Transfer Protocol (sFTP) has the unique ability to leverage an SSH connection (a Secure Shell, or authenticated cryptographic protocol) to safely transmit and retrieve sensitive data files from networked hosts, including remote, cloud-based servers. In addition, an sFTP connection will provide clients with a more robust set of file attributes, as well as directory information from the server.

Details and Features of Secure FTP Servers

VM Racks’ Secure FTP has several layers of protection, including Anti-Virus, Anti-Malware, Vulnerability Scanning, Host Intrusion Detection, and Password Management. VM Racks keeps track of the passwords in an easy to use management system, so that each sFTP user can recall or even reset their own password. All sFTP users are isolated from their neighbors, preventing unintended manipulation of files by other users. Files in the cloud are encrypted with AES-256 symmetric cryptography, and data in-transit is also encrypted, using an RSA 2048 bit key.

VM Racks staff is alerted if any anomalous condition that arises, and engineers are available 24/7 to react to an incident that requires attention. VM Racks also offers two options for allowing access to the sFTP server: 1.) Two Factor Authentication (2FA), which adds an extra layer of sign-on security for users; or 2.) Source IP Exclusion, in which scripting can be used to control which IP addresses are blocked from server access, and which are allowed.

HIPAA Compliant FTP Server Benefits

    • Secure and encrypted transfer to the FTP server
      • Completely secure file transfers to the sFTP Server, utilizing RSA Key Exchange for encryption
        • An encrypted hard drive, ensuring safe storage of PHI in VM Racks’ Secure Data Centers
          • 24/7 sFTP Server monitoring by VM Racks engineers, utilizing enterprise monitoring techniques
            • Managed password policies, with regular changes for increased security
              • Linux Server, available with two-factor authentication or Source IP Exclusion
                • Signed Business Associate Agreement

Common Deployments for SFTP Server

Medical Transcriptions from Remote Employees or Contractors
Storage of Images and Video with PHI (X-Rays, Diagnostics, Screenings, etc.)
Providers and Laboratories Transmitting EMRs

Secure SSH Protocol

Documents are transferred over a secure tunnel using RSA Key Exchange for encryption. The encryption prevents unauthorized access during the transmission of the document between your office and the FTP server located in the VM Racks secure data center.

Encrypted Hard Disk

The hard drive of the SFTP server is encrypted to ensure that the documents reside in an encrypted container, which meets HIPAA guidelines.

Encryption is AES-256 (type of encryption)

Isolation between FTP Users

Each FTP user is isolated from its neighbor, which prevents the FTP user from wandering over and attempting to view or manipulate the files uploaded by another FTP user.

Password Management

VM Racks keeps track of the passwords in an easy to use management system, so that each FTP user can recall or even reset their own password.

HIPAA FTP Monitoring

VM Racks is diligent in monitoring the Secure FTP server. Employing enterprise monitoring techniques, VM Racks staff is alerted if an anomalous condition arises. Engineers are available 24/7 to react during an incident that requires attention.

The protection is at several levels including:

                  • Secure and encrypted transfer to the FTP server
                  • Encrypted data at-rest and in-transit
                  • Anti-Virus protection
                  • Anti-malware protection
                  • Vulnerability Scanning
                  • Host Intrusion Detection
                  • Password Management
                  • Monitoring
                  • Signed Business Associate Agreement

Get a Quick Quote

Please fill out the form below and we will get back to you quickly with a quote for your project.

Product Interest - Choose at least one *

System Requirements

Our Certifications