FTP Today provides every possible control so you can confidently state you have a HIPAA compliant FTP site.
If you plan on transmitting any PHI via FTP Today, you should be concerned about Physical Safeguards and Technical Safeguards. The physical safeguard requirements, as well as infrastructure security and administration requirements, are all met by our SSAE18 SOC2 audited data center. Just as important, FTP Today's SaaS application give you all the controls you need to ensure you are meeting HIPAA technical safeguards from end to end (Enterprise-level subscription required).
In order to be HIPAA compliant, your FTP Software needs 9 important features:
- Access Control: Unique User Identification
- Access Control: Emergency Access Procedure
- Access Control: Automatic Logoff
- Access Control: Encryption & Decryption
- Audit Controls
- Integrity Policies
- Person or Entity Authentication
- Transmission Security: Integrity Controls
- Transmission Security: Encryption
Can you confidently say your current file sharing process has each of these features covered? Learn more by reading our guide on “Technical Safeguards for a HIPAA Compliant FTP Site”
Business Associate Agreement
HIPAA compliance is often measured by a service provider's willingness to sign a BAA, its adherence to guidance set forth in the HIPAA Security Rule or the Office for Civil Rights (OCR) HIPAA Audit Protocol, or standards like SSAE 16 Type II, or the results of a third-party compliance assessment or healthcare-specific security framework, such as HITRUST. There is no such thing as "HIPAA compliance" per se. There is only the exercise of a standard of due care against the rule.
We understand the need for you to document responsibilities for protecting PHI with any of your vendors. FTP Today has drafted a Business Associate Agreement for this purpose that properly addresses our business relationship and the handling of any PHI that may be transported through our service. You can view the FTP Today Business Associate Agreement here.