HIPAA & HITECH Require High Security for Healthcare Records
Traditional FTP has been made obsolete in healthcare given the extensive compliance requirements outlined by the Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH). Strong security is now required when electronic patient health records must be transferred, and tight administrative control and audit reports are essential.
GoAnywhere™ from Fortra is a cross-platform managed file transfer solution that is designed to help you meet HIPAA/HITECH compliance standards while saving you time and money. It can also eliminate the custom programming and scripting normally required to transfer data, while improving the quality of those transfers.
GoAnywhere is a Strong Weapon in the Fight for HIPAA Compliance
HelpSystems' GoAnywhere MFT solution helps organizations meet the requirements of HIPAA and HITECH by implementing a managed, centralized and auditable solution
With enterprise-level benefits for healthcare, GoAnywhere
- Centralizes file transfer processes within the organization;
- Automates workflows with configurable step-by-step wizards;
- Restricts critical access to files and folders to only authorized users;
- Monitors file transfer processes — both across the Internet and within the organization’s intranet;
- Provides detailed audit trails and reporting of every file transfer, identifying the users, the recipients, and the file names transmitted; and
- Works in conjunction with pre-existing applications within the organization
At the same time, GoAnywhere protects ePHI and other data records by
- Providing Open PGP encryption of files with key management, and
- Enabling protection beyond the organization’s firewall using an enhanced reverse proxy in the DMZ.
GoAnywhere protects against data breaches for both internal and external transmissions. With GoAnywhere’s rigorous access control and automated transfer processes — complete with encryption — this solution provides the comprehensive management control that HIPAA and HITECH regulations require.
GoAnywhere Helps You Meet HIPAA/HITECH Data Transfer Security Requirements
The table below shows how the GoAnywhere™ Managed File Transfer solution helps organizations satisfy the compliance requirements for the HIPAA/HITECH standards. Certain aspects of the standards are considered “addressable,” which means the organization is given some flexibility on how to best implement those requirements.
| HIPAA Regulation | Corresponding GoAnywhere Feature | |
|---|---|---|
| Required Standards | ||
| Access Control§164.312 (a)(1) Prevent unauthorized access from users or software that do not have permissions. |
Users and passwords can be authenticated using a variety of techniques including database authentication, LDAP and Active Directory (AD). Accounts can additionally be authenticated using X.509 certificates and SSH keys. Role-based security allows administrative users to access only authorized features. Folders and files can be authorized to user groups or individual users. | |
| Unique User Identification§164.312 (a)(2)(i) Ensure each user can be singularly tracked. |
The GoAnywhere Security Settings Audit report provides a detailed list of all GoAnywhere security defaults, enabled services, and configured security features. Using HTTPS will ensure that all administrative access is encrypted. | |
| Integrity§164.312 (c)(1) Prevent unauthorized access from users or software that do not have permission to view or access. |
Folders and files can be restricted from edit/delete access by user and group. This data can be made available for read-only access or can be completely restricted. Encrypted transmissions use hashing algorithms to confirm the integrity of data packets. | |
| Person or Entity Authentication§164.312 (d) Provide electronic verification that ensures that the claimed identity of a user is accurate. |
Users can be authenticated using a variety of protocols including database, LDAP, AD, SSH keys and certificates. | |
| Addressable Standards | Transmission Security§164.312 (e)(1) Establish electronic security protocols to insulate data in motion from unauthorized access as its transferred across electronic networks. |
GoAnywhere supports change control by working in conjunction with test, QA, or development systems, allowing easy promotion of projects from test to production while maintaining separation of duties. Project revisions are recorded, allowing easy rollback of changes. |
| Automatic Logoff§164.312 (a)(2)(iii) Disconnect or terminate electronic sessions based on predetermined rules. |
The session timeout can be configured by the administrator so users are automatically logged out after a specific length of inactivity. | |
| Encryption & Decryption§164.312 (a)(2)(iii) Disconnect or terminate electronic sessions based on predetermined rules. |
Data can be exchanged securely using SFTP (SSH), SCP, FTPS (SSL/TLS) and HTTPS protocols. The files can be individually encrypted using the Open PGP and AES encryption standards. | |
| Authentic ePHI§164.312 (c)(2) Demonstrate via electronic records that data has not been altered, compromised, or deleted without authorization. |
Audit trails will document when unauthorized attempts are made to alter or delete documents through GoAnywhere. | |
| Integrity Controls§164.312 (e)(2)(i) Prevent unauthorized access from users or software that do not have permission to view or access. |
Files and folders can be restricted by individual users and group profiles. | |
| Encryption§164.312 (e)(2)(ii) Apply encryption to ePHI whenever appropriate or necessary |
Files are encrypted and decrypted using the Open PGP and AES encryption standards. |
Ensure File Transfer Compliance with GoAnywhere
We can help you meet compliance requirements for your file transfers! Request a demo for your specific data security needs, and we’ll walk you through the product to see if it fits your organization.