HIPAA Compliance with JSCAPE MFT Server
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) addresses the minimum standards that health care organizations must implement to protect the security, privacy and confidentiality of patient data that is transferred over the Internet. This statement deals primarily with sections 142.308(c) and 142.308(d) of this Act.
HIPAA requires that all patient data that is transmitted over the Internet must be encrypted using industry standard 128-bit encryption algorithms. JSCAPE MFT Server uses these algorithms as well as several other methods to ensure data security.
HIPAA Compliance Features
| Feature | Benefit |
| Information Security |
JSCAPE MFT Server offers support for several industry standard secure file transfer protocols that exceed HIPAA information security requirements. These protocols include FTPS (FTP over SSL), SFTP (FTP over SSH) and HTTPS. Using these protocols all data and commands are encrypted between the client and server. For additional protection JSCAPE MFT Server offers PGP encryption capabilities. Data may be automatically encrypted upon successful upload to the server. |
| Access Controls |
Each user in JSCAPE MFT Server may be configured with it's own set of virtual directories and permissions. This ensures that users can only see the data they are given access to and not the data of other users. To prevent users from connecting using insecure protocols and violating HIPAA requirements the server may be configured to require that users connect using a secure protocol such as FTPS (FTP over SSL), SFTP (FTP over SSH) or HTTPS. JSCAPE MFT Server also includes a built-in IP access list which may be used to limit access to known client IP addresses. |
| Intrusion Detection | JSCAPE MFT Server can be configured to detect brute force password attacks and automatically disable the account or block the client IP from future requests. In the event that an account is disable or IP is blocked server may optionally notify a system administrator via email who can research the incident further. |
| Internal Auditing | JSCAPE MFT Server logs each and every session and the actions that occurred within that session. Log data may be stored to a file or optionally to a relational database. JSCAPE MFT Server has built-in reporting tools for obtaining information about server activity. |
References