HIPAA, PHI and FTP: It’s All About Security

Acronyms and abbreviations are a pretty common, almost unnoticed, way of communication for all of us. We use terms like “NASA” and “scuba” and “laser” to the point that many people, especially the youngsters out there, don’t even know they’re acronyms in the first place (scuba and laser aren’t even capitalized anymore). We send emails with our PCs, view TV in HD (4K if you’re lucky), watch movies on DVD or Blu-ray, we used to listen to music on CD but nowadays it’s all streaming MP3s… I could go on, but I think you get the point.

The computing world has a dizzying array of acronyms and abbreviations too: “www”, “http”, “.com”, “.org”, etc. Many of these we take for granted, and the ones we don’t know don’t bother us, unless one of them somehow prevents us from getting what we want. Then we google the offending letters to figure out why our computer/tablet/smartphone isn’t downloading what we’re after (yes, “google” is a verb now), and we solve the problem. Or we get someone else to; that’s why they invented technical support after all.

This brings us to an interesting intersection, when two very important acronyms from our everyday use meet with a computing acronym many of us may not find familiar. I’m talking about HIPAA, PHI and FTP.

Now, if you’re new to the benefits world and don’t know what either HIPAA or PHI refers to, click the links I’ve provided and start studying; you’ve got a lot of reading to do. For everyone else, you know that there are very specific, federally mandated regulations when it comes to handling HIPAA/PHI information (take HITECH and the Security Rule as examples). Certainly security is a core concern for everyone involved.

How is HIPAA/PHI sensitive material passed along to the correct party (or parties) in a secure manner then?

That’s a fine question, especially given the stiff fines and penalties involved when security is found to be lacking. And “email” is not a good answer either. Enter the File Transfer Protocol (FTP).

(Now, before your eyes glaze over and you click to something else, I promise not to throw a bunch of techno-talk at you. If you want that, you’re more than welcome to get it here and here or search the web. I prefer to keep things simple where I can.)

FTP has been around longer than the Internet itself, so it’s a tried and true method of data transmission. It’s basically one computer talking directly to another computer, plus rules for how commands and data are passed. Honestly, that’s it. The nice thing about FTP is that it can be automated after setup and thousands of files can be transmitted in a short amount of time. The problem with FTP is that it’s not secure, at all. It was made long before data security was an issue, so…

They developed FTPS. The “S” stands for “Secure Sockets Layer/Transport Layer Security”, but holding to my promise, that just means it has an added level of data encryption. Basically, two computers have to know each other (through a step called “authentication”) in order to decipher the data passed between them. If they don’t know each other? Then nothing happens. There’s some setup to this process, but it’s not very difficult. And if your company or organization is using FTPS, then your data transmissions are secure.
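What the authentication and encryption described above look like from the sending side, as an added example that is not from the original post or from THEbenefitsHUB: a Python `ftplib` client that verifies the server's certificate and encrypts the file contents as well as the login. The host, account and file names are constructed placeholders, and `client_factory` is a hypothetical parameter added so the function can be exercised without a server.

```python
import io
import ssl
from ftplib import FTP_TLS


def strict_tls_context():
    """TLS settings under which the server must prove who it is."""
    ctx = ssl.create_default_context()            # verifies certificate chain and hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3 / TLS 1.0 / TLS 1.1
    return ctx


def upload_over_ftps(host, user, password, data, remote_name,
                     port=21, client_factory=FTP_TLS):
    """Send `data` (bytes) to `host` over explicit FTPS and return the server reply.

    client_factory is a hypothetical hook for this example; it defaults to
    the standard library's FTP_TLS.
    """
    ftps = client_factory(context=strict_tls_context())
    try:
        ftps.connect(host, port)
        # FTP_TLS.login() upgrades the control connection to TLS (AUTH TLS)
        # before the user name and password are sent.
        ftps.login(user, password)
        # Without PROT P the file contents still travel in cleartext,
        # even though the login itself was encrypted.
        ftps.prot_p()
        return ftps.storbinary(f"STOR {remote_name}", io.BytesIO(data))
    finally:
        ftps.close()


if __name__ == "__main__":
    # Constructed placeholders; replace with a real FTPS endpoint to run.
    reply = upload_over_ftps("ftps.example.com", "demo-user", "demo-password",
                             b"constructed sample record\n", "enrollment.csv")
    print(reply)
```

If the server's certificate cannot be verified, `login()` raises `ssl.SSLCertVerificationError` and no credentials are sent.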

Later, SFTP was developed, only this time, the “S” is for “Secure Shell”, which is just a different kind of data security from its FTPS cousin. Computers using SFTP encrypt the connection between each other, so any malicious characters who’d try to pluck your data out of said connection end up with a bunch of stuff that can take years to decode (that is, if they have the resources; otherwise, it’s effectively junk). Again, if you have SFTP on your side, your data transmissions are secure.

While I won’t give away any proprietary information on our part, it’s safe to say that we here at THEbenefitsHUB use the latest advancements in data security/transmissions, as well as tried and true methods like FTPS and SFTP. We don’t use email to transmit your HIPAA/PHI data, and we don’t accept email that contains it. We also allow you to access your FTP folder on our server with the “FTP File Access” feature, which lets you pass sensitive data along to the right people in the safest way possible.

Thanks for reading our blog. Please feel free to ask questions or leave feedback in the comments section below; we love questions and feedback!
