File Watchdogs Home Page - HIPAA Compliance and FTP Sites

Compliance: HIPAA

 

How File Watchdogs Secure File Transfer Solutions Support Compliance

Click here for HIPAA compliant FTP hosting packages and prices
Confidentiality HIPAA Security Rule How File Watchdogs FTP Network Supports Compliance
Authentication § 164.312 Technical Safeguards.
(d) Standard: Person or entity authentication. Verify person/entity seeking access to electronic protected health information is the one claimed.
  • Unique user IDs
  • All passwords encrypted during client-server authentication when using the Web Transfer Client or capable software
  • All passwords stored in the File Watchdogs Server database are encrypted
  • Ability to enforce strong password creation
  • Auto-expiring passwords with options to allow client reset
  • Rules on using previously used passwords
  • Two-factor authentication using username/passwords pairs, with File Watchdogs SSL Certificates for mutual authentication, or with SSH public keys
Access Control § 164.312 Technical Safeguards.
(a)(1)Standard: Access control. Allow access only to those persons or software programs that have been granted access rights.
(a)(2)(i) Unique user identication (Required). Assign a unique name and/or number for identifying and tracking user identity.
(a)(2)(iii) Automatic logo (Addressable). Terminate an electronic session after a predetermined time of inactivity.
(a)(2)(iv) Encryption and decryption (Addressable).
Encrypt/decrypt electronic protected health information.
  • Administrative SoD (Separation of Duties) with multiple levels of access control and administrator permissions
  • Permissions can be set on shared folders and applied to individual users or entire user groups
  • Administrators can set disk space, maximum file storage, and maximum bandwidth for entire groups or users
  • Block file uploads, downloads, deletions, renaming, and directory creation on a per user basis
  • Set read, write, delete, list, and rename permissions on shared folders
  • Lock users to their home folder, hide other folders from view
  • Administrative options to hide the existence of other users' folders
  • Control server access by IP address
  • Block IP addresses manually, or automatically, using set criteria (such as number of failed connections),
  • Block IP addresses by subnet
  • Support for IP address “whitelist” (safe from automatic blocking)
  • Force mutual authentication for client and server to both exchange SSL certificates
  • Clear Command Channel (CCC) enables Firewall/Network Address Translations (NAT) support for SSL connections
Privacy § 164.312 Technical Safeguards.
(e)(1) Standard: Transmission Security
(e)(2)(ii) Encryption (Addressable). Encrypt electronic protected health information (that is being transmitted)
  • Encrypts client connections over SSH, SSL (Implicit, Explicit and TLS) and SCP2 protocols
  • Session encryption using 256-bit AES encryption and 3DES
  • FIPS 140-2 validated encryption using 256-bit AES, 3DES, and SHA 1, SHA 2
  • Force SSH, SSL/FTPS or TLS 1.0 or higher on all client connections to the File Watchdogs FTP Server 128 bit SSL on folder access
  • Encrypts stored files with fully-integrated OpenPGP mode
  • Configurable SSL/TLS encryption down to the folder level
  • Policy based cryptographic strength enforcement
Integrity (c)(1) Standard: Integrity. Protect electronic protected health information from improper alteration or destruction.
(c)(2) Implementation specication: Mechanism to authenticate electroni cprotected health information (Addressable). Implement electronic mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner.
(e)(2)(i) Integrity controls (in tramission) (Addressable). Ensure that electronically transmitted electronic protected health information is not improperly modied without detection until disposed of.
  • Built-in file integrity checking of up to SHA-512 secure hashing algorithms
  • Encrypts stored files with fully-integrated OpenPGP mode
  • Encrypts client connections over SSH and SSL (Implicit, Explicit and TLS) protocols
  • Session encryption using 256-bit AES encryption and 3DES
  • File and folder size comparing to ensure accuracy and completeness
  • File lock during upload prevents users from downloading a file before it is fully uploaded to the server
  • FIPS 140-2 validated ciphers when using FTP client software with FIPS-validated transfer mode
Availability § 164.308(a)(7)(ii) Administrative safeguards.
(A) Data backup plan (Required). Establish and implement procedures to create and maintain retrievable exact copies of electronic protected health information.
(B) Disaster recovery plan (Required). Establish (and implement as needed) procedures to restore any loss of data.
  • Server architecture enables load balancing to distribute workload among multiple servers for improved performance
  • Clustering servers for redundancy and to overcome scheduled/unscheduled server downtime
  • Client-Server Logging and viewing through the Administrator Console: Capture Client-Server connections and activities related to the storage and transfer of files
  • Administration Logging: Keep an auditable record of server administrator actions
  • Logging server and notification server both require administrator login
  • Automatic restart of interrupted file transfers so users never lose valuable data because of an interrupted connection
  • Automated notifications trigger communication and workflows with Email alerts based on server events such as uploading a file or creating a directory
  • Configure to execute an application and include command line variables
  • Prevents DOS attacks by blocking IP addresses manually, automatically, using criteria such as number of failed connections.
Audit § 164.312 Technical Safeguards.
(b) Standard: Audit controls. Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.
§ 164.308 Administrative safeguards.
(a)(5)(ii)(C) Log-in monitoring (Addressable). Procedures for monitoring log-in attempts and reporting discrepancies.
  • Client-Server Logging: Capture Client-Server connections and activities related to the storage and transfer of files
  • Administration Logging: Keep an auditable record of server administrator actions
  • Log viewer provides four levels of reporting including verbose for all client-server activity, administration activity and errors
  • Nested filtering provides custom views of file transfer or other server events
  • Logs are exportable in XML format
  • Automated notifications trigger communication and workflows with Email alerts based on server events such as uploading a file or creating a directory
  • Log the details of encrypted connections to verify encryption strength and type negotiated for a given session
  • Connection log shows all commands sent from the client to the File Watchdogs FTP network and shows the replies from the server
  Click here for HIPAA compliant FTP hosting packages and prices