JSCAPE Secure FTP Server Hosting - HIPAA Compliance

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) addresses the minimum standards that health care organizations must implement to protect the security, privacy and confidentiality of patient data that is transferred over the Internet. This statement deals primarily with sections 142.308(c) and 142.308(d) of this Act.

HIPAA requires that all patient data that is transmitted over the Internet must be encrypted using industry standard 128-bit encryption algorithms. JSCAPE Secure FTP Server Hosting uses these algorithms as well as several other methods to ensure data security.

JSCAPE Secure FTP Server Hosting provides support for several industry standard secure file transfer protocols that exceed HIPAA information security requirements. These protocols include FTPS (FTP over SSL), SFTP (FTP over SSH) and HTTPS. Using these protocols all data and commands are encrypted between the client and server.

For additional protection JSCAPE Secure FTP Server Hosting offers optional PGP encryption capabilities. Data may be automatically encrypted upon successful upload to the server.

Each JSCAPE Secure FTP Server Hosting user is configured with it's own set of virtual directories and permissions. This ensures that users can only see the data they are given access to and not the data of other users.

To prevent users from connecting using insecure protocols and violating HIPAA requirements JSCAPE Secure FTP Server Hosting users may be required to connect using a secure protocol such as FTPS (FTP over SSL), SFTP (FTP over SSH) or HTTPS. Access using non-secure protocols such as standard FTP or HTTP is not available.

JSCAPE Secure FTP Server Hosting servers log each and every session and the actions that occurred within that session. Log data is regularly backed up to a secure server.