
HIPAA Compliant FTP Hosting for Healthcare Professionals

Digitizing medical records has numerous benefits for medical practitioners, insurance companies and patients alike. The ability to store and access files in the cloud increases communication and collaboration between departments and often reduces wait times for patients. Human error is less likely to occur and result in the loss of an important patient chart, and the safety of files is strengthened when they are backed up and protected through encryption and heightened security measures.

Careful measures must be taken to ensure all medical files that are stored electronically remain HIPAA compliant to protect the privacy and security of each and every patient.

The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that requires certain privacy and security protections for patient medical records and other Protected Health Information, or PHI. Such information includes data pertaining to a patient’s past, present or future physical or mental health, the provision of health care to the individual and any payment information related to the individual’s health care.

Provisions under HIPAA place specific requirements on the methods in which the above information is shared and accessed electronically. The objective is to maintain patient privacy and protection, particularly as digitization becomes more prevalent in today’s medical facilities. Anyone involved in the storing, filing, accessing, sharing and/or transferring of important patient information (including contact records and related identifiers, billing details, dictation files and transcripts) must ensure their storage services are compliant and HIPAA secure.

Many healthcare institutions trust cloud-based data storage platforms like BrickFTP to keep medical records and patient information secure.

HIPAA Compliance Hosting in the Cloud

Any cloud service that transmits or stores Protected Health Information is considered a business associate. Depending on the particular application, users will likely have to enter into a Business Associate Agreement (BAA) with their file-transfer software that includes physical and technical security measures taken to ensure HIPAA compliant FTP hosting to keep your files protected.

BrickFTP provides a BAA for sites on our Premier plan. The HIPAA secure platform also offers automatic encryption, which ensures the protection of sensitive files in the cloud.

Note: HIPAA includes a Breach Notification Rule that requires medical organizations to notify affected patients, the U.S. Department of Health & Human Services and the media, in some instances, of unsecured Protected Health Information that has been compromised because of a breach.

HIPAA breach notification is not required, however, when data is encrypted and therefore inaccessible to unauthorized parties. Data is not considered unsecured if the Protected Health Information is deemed unreadable, unusable or indecipherable to outside individuals. Because BrickFTP offers automatic encryption, users in the medical industry have an extra layer of protection in this area.

Several cloud services, while stating they are HIPAA compliant, may lack secure password capabilities, which can lead to a breach of sensitive patient data. One way BrickFTP ensures files are HIPAA secure is through custom user permissions and password controls. The HIPAA compliant FTP hosting platform allows medical professionals to create specific permissions and access for each user on a per-folder or per-group basis. Each user may have designated read, write and delete permissions so no file ends up in the wrong hands. Administrators can also require each user to change his or her password on their next login. All passwords are stored in a salted encrypted format, which adds an extra layer of security and protects against brute force attacks.

HIPAA Compliant File Storage

Storing data in the cloud is appealing for healthcare professionals for numerous reasons. Cloud hosting allows for easy, organized and streamlined storage of patient records with lower initial costs. When files are stored in the cloud, disaster recovery and physical security become less of a major concern for IT pros. Files take up less physical space and are continuously backed up when stored in the cloud. Updates are performed regularly, ensuring security and privacy settings are current to keep stored data safeguarded at all times.

BrickFTP offers a web interface (requiring no special downloads or plugins) that can be accessed via any modern browser, as well as a desktop sync app so files can be managed and changed locally. Files can be accessed anywhere by authorized users, and BrickFTP ensures data is HIPAA secure and encrypted both in transit and at rest.

BrickFTP's Premier Plan ensures HIPAA compliant file storage of private documents such as:

• Medical records
• Health insurance information
• Laboratory test results
• Body scans or images
• Dictation transcripts

HIPAA Compliant File Sharing

BrickFTP not only ensures the safekeeping of patient documents while they are stored; the software also has measures in place to make certain that sensitive stored data remains protected even as it is shared and accessed by multiple authorized individuals. Secure password capabilities and flexible sharing permissions prevent the disclosure of protected information to outside parties.

It is important that today's doctors have access to critical patient records on the go while keeping Protected Health Information secure at all times. A HIPAA compliant file sharing service allows important forms, research, charts and other data to be readily available from any approved device at any location. BrickFTP includes comprehensive logging of every file or folder action taking place in each account so medical professionals can review activity in their HIPAA compliant file sharing space to detect any unusual activity and keep tabs on who is accessing specific documents.

HIPAA Compliance Hosting

Choosing a cloud-based storage solution to store and share sensitive patient information provides involved parties quick, secure, HIPAA compliant access to relevant data from any device at any location. Storing files via HIPAA compliant FTP hosting is both a convenient solution for medical professionals to access pertinent health records on the go and a smart way to bring peace of mind to the organization regarding the security of its stored data.

Rules related to compliance and HIPAA secure file storage and sharing apply to both covered entities and business associates. Covered entities include health care providers (e.g. doctors, dentists, pharmacists, psychologists, nursing homes), health plans (e.g. health insurance companies, Medicare, Medicaid, veteran health care programs) and health care clearinghouses (e.g. billing services, community health information systems).

Remember: The most trusted HIPAA compliant cloud storage services are legally considered business associates. BrickFTP provides a pre-written, pre-approved Business Associate Agreement (BAA) that the end user signs and submits back. After it is signed, and therefore valid, BrickFTP will send back an executed copy.

Further Reading

The BrickFTP team recommends reviewing the 'For Maximum Security' section in its legal security policy document to ensure your team has configured BrickFTP to meet HIPAA compliant storage requirements. While BrickFTP does offer HIPAA compliance, it is the healthcare institution's responsibility to configure their storage space so it remains HIPAA compliant and to enforce security policies for employees throughout the organization.

BrickFTP offers HIPAA compliance with BAA exclusively to Premier Plan users. This plan includes 10 TB of monthly usage, along with priority support, a dedicated account manager and early or exclusive access to many premium features.

Check out our blog post detailing the importance of a secure FTP storage solution for medical professionals.

The information contained herein is for informational purposes, and is not for the purposes of providing legal advice. You should consult with your attorney with respect to any specific issue or problem.