In a recent workshop titled "FTP Site HIPAA Compliance Requirements" that was conducted on March 30th, Martin Horan (founder and acting head of FTP Today) discussed not only the steps that organizations need to take with regards to file sharing in order to maintain HIPAA compliance, but also the many ways in which FTP Today makes these requirements easier than ever to achieve.
An Overview of the Workshop
Throughout the course of the 45 minute presentation, Horan provided valuable insight on a wide range of topics including:
- The specific, HIPAA-mandated technical safeguards required of an FTP site or other digital presence.
- The steps that a business can take to guarantee that their FTP Today site is not only HIPAA-compliant, but also configured in a way that all HIPAA technical safeguards are met.
- Why going above and beyond HIPAA regulations is often recommended, particularly when dealing with something as sensitive as healthcare information.
- An overview of HIPAA "addressable" configurations, and why these add new layers of functionality to a site while still maintaining larger HIPAA compliance at the same time.
During the presentation, users were also given access to two documents: the FTP Today HIPAA Readiness Statement outlining why it's important to take these security measures in reference to electronic health information, and the HHS.gov Security Standards outlining the specifics of the technical safeguards HIPAA requires.
An Overview of HIPAA Technical Safeguards
Under the current version of HIPAA, technical safeguards are currently required for healthcare organizations in a wide range of categories like access control, audit controls, integrity and more.
With regard to access control, for example, each user who has access to an FTP site must have their own unique identification. HIPAA defines this as either a unique name or a number that is used for both identifying that user on the site and tracking their activities over time. Under FTP Today, site administrators can meet this technical safeguard by assigning each user with their own unique login account.
Similarly, HIPAA currently requires all organizations that fall under its guidance to have an emergency access procedure outlining exactly how necessary electronic protected health information will be obtained during an emergency. FTP Today makes it possible to meet this requirement automatically without any intervention from site administrators, as all data is backed up to a separate disaster recovery system on a routine basis.
In terms of audit controls, HIPAA currently requires that all businesses implement certain hardware, software and procedural mechanisms that will not only record but also allow them to examine activity on an FTP site as it relates to electronic protected health information. FTP Today once again removes this burden from site administrators by making detailed activity logs available automatically that are kept perpetually and can also be downloaded for offline archival purposes as needed.
FTP Today for HIPAA Compliance
Horan continued his presentation by going into finer detail about how to best configure and manage an FTP site via FTP Today to maintain the aforementioned HIPAA technical safeguards. While certain requirements are met automatically just by using FTP Today, others need to be properly handled by FTP site administrators.
Watch the Recorded Workshop
Did you miss the live workshop? No problem. The recording of the FTP Site HIPAA Compliance Workshop is available for you to watch at any time.