It is important to note that even when a service can answer yes to each of the above questions, HIPAA compliance largely depends on how the service is used. Administrators must be sure that the platform is configured correctly in accordance with the law, that they have a signed BAA with the service provider prior to use, and that employees are trained on how to use the platform properly.
Examples of HIPAA Compliant FTP Services
- HIPAA Vault: this server requires two-factor authentication for file access, enables end-to-end encryption (E2EE), offers access controls, and enables IP blacklisting.
- Files.com: (Premier Plan ONLY) offers two-factor authentication, E2EE, and access controls.
- Cerberus FTP Server: offers access controls, audit logging, and encryption.
- FTP Today: offers user authentication, audit logging, encryption, and access controls.
Each of the HIPAA compliant FTP services listed above is a good choice, but users should examine what is most important for their business. A product appropriate for one company isn’t necessarily suitable for another. Some of these products are charged on a per-user basis, while others offer a flat fee. Depending on how many users you need and the amount of data sent, the right choice for your business will differ. For instance, HIPAA Vault’s starter service includes up to 25 users, while Files.com requires a minimum of 25 users and is charged per user.