Maintaining HIPAA Compliance with Diplomat MFT
Diplomat MFT can play a vital role in your data privacy and information security program for managing PHI. By automating critical elements of the secure file transfer management process—like encryption, scheduling, and notifications—Diplomat MFT makes it easy to establish secure workflows to send, receive, host, and retrieve PHI as well as related data like patient insurance and financial information.
Many healthcare services providers, including some of the largest entities in the U.S., already trust Diplomat MFT to keep their PHI and other mission critical data safe. You can trust us, too. And unlike many of our competitors, we are ethically priced, so you’ll save money while keeping patient and customer PHI safe. Download a free trial to see for yourself; or contact us with any questions and for a no obligation demonstration.
In 2009 the Health Information Technology for Economic and Clinical Health (HITECH) Act was enacted as part of the American Recovery and Reinvestment Act of 2009. Its goal was to encourage the healthcare industry to adopt technologies that would enable faster, more efficient sharing and processing of patient information while also addressing the need for secure storage and transmission of sensitive patient data. That is why the HITECH Act includes data security and privacy protection requirements, along with criminal enforcement provisions and mandatory disclosures for data breaches affecting protected health information (PHI). (Of note, the Ponemon Institute found that data breaches affecting PHI cost an average of $10.10 million per event.)
Although HIPAA and HITECH are two distinct laws, they are complementary in nature. While the precise term is HIPAA-HITECH, a reference to HIPAA alone typically implies that the HITECH Act is included.
Avoid Data Breaches
Healthcare service providers have trusted Diplomat MFT to automate their secure file transfers for over a decade. Molina Healthcare, Christus Health, Centene and others rely on the platform to protect their data at rest and in motion while staying HIPAA compliant. Contact us today to find out more about our award-winning, no-code software platform and the customer support we deliver to all our customers. Contact us, schedule a demo, or download your free trial today.
Keeping protected health information (PHI) safe is more than just a business imperative—it is a legal requirement. As a practical matter, data protection is important to maintaining brand trust and avoiding costs associated with a data breach. On average, costs associated with a data breach are $4.35 million, but healthcare organizations average $10.10 million. Included in that figure are fines under various laws requiring that organizations protect private information.
Depending on where your organization operates, different regulations apply, including:
- U.S. – Health Insurance Portability and Accountability Act – (HIPAA)
- Canada – Personal Information Protection and Electronic Documents Act – (PIPEDA)
- EU – General Data Protection Regulation – (GDPR)
These laws mandate that organizations responsible for collecting and managing PHI keep that data safe, both when in storage and when transferring it between entities.
Molina Healthcare needed to centralize secure file transfers with a solution that would integrate into their existing IT infrastructure. Diplomat MFT software simplified management of secure file transfers while meeting HIPAA compliance requirements.
CHRISTUS Health needed cost-effective, high-availability Managed File Transfer software to demonstrate compliance with HIPAA and other mandates. Diplomat MFT software centrally controls Managed File Transfer and reduces file transfer problems.
The Health Insurance Portability and Accountability Act (HIPAA) established national standards for the security of electronic health care information, with both civil and criminal penalties for non-compliance by covered entities, such as hospitals or physician practices. The HITECH Act of 2009 extended these penalties beyond covered entities to their business associates and established more rigorous enforcement policies.
Frequently Asked Questions
What is HIPAA compliant software?
Technically, there is no such thing. HIPAA compliance applies to organizations that collect and manage protected health information (PHI) and not software. However, tools like Coviant Software’s Diplomat MFT secure managed file transfer software can help organizations keep PHI safe during transfers as a vital part of a HIPAA compliance program.
How do I know if something is HIPAA compliant?
When evaluating software and applications for storing, managing, and moving protected health information (PHI) under HIPAA, look for systems that support secure protocols like SFTP, FTPS, SSL and others; systems that support encrypting files containing PHI; and process automation that minimizes the chance of human error when handling PHI. When determining whether your organization is HIPAA compliant, rely on legal expertise.
What information is considered protected health information (PHI)?
Protected health information (PHI) is any data or information associated with individuals that relates to their personal health status and is created, collected, stored, managed, maintained, and/or moved by a covered entity as defined by HIPAA.
How does Diplomat MFT help ensure files are sent to the right place?
When Diplomat MFT uploads a file, the encrypted transfer protocol provides integrity checking of data packets, so it knows that the file arrived unmodified at its destination. We can further enhance that by encrypting the file before it is sent, so that it is encrypted only for that recipient, and by digitally signing the file, so the recipient can verify the sender and confirm that the file has not changed.
Once a file is delivered to a recipient, it is completely out of our control. But Diplomat MFT keeps both audit records and copies of the files in archive to protect the sender if the recipient alters the contents of the file (intentionally or accidentally). By cross-referencing Diplomat MFT archived data, the sender can protect itself by proving what was delivered.
Does Diplomat MFT protect PHI when mobile devices are used to share them?
Diplomat MFT is not (yet) a mobile application. However, if mobile devices are used for sending data to IT systems in a hospital, medical lab, dentist office, or other healthcare environment, Diplomat MFT can play a role in automating file transfers from that point forward (or when bringing data from external sources into those IT systems).
What is a “covered entity” under HIPAA?
According to the U.S. Department of Health and Human Services (HHS), a covered entity under HIPAA is a healthcare services provider (doctor, dentist, pharmacy, nursing home, etc.), a health insurance provider (insurance companies, HMOs, employers, governmental agencies and organizations), or a healthcare data clearinghouse that creates, collects, stores, manages, or transmits protected health information (PHI).
What are the 3 rules of HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) includes three rules for safeguarding protected health information (PHI) and patient privacy. The three rules of HIPAA are:
- HIPAA Privacy Rule, which outlines standards for processes that keep patient privacy and PHI safe;
- HIPAA Security Rule, which outlines technical requirements for systems used to store, move, and manage PHI; and
- HIPAA Breach Notification Rule, which outlines the steps an organization must take to notify authorities and patients in the event that PHI is compromised.
How does Diplomat MFT help clarify issues of data provenance when information is transferred and stored in a third-party cloud service like AWS, Google Cloud, and Azure?
Data provenance (also known as data ownership or stewardship) is especially important for maintaining compliance with regulations like GDPR, under which data created within one country may not leave its borders. Cloud services like AWS and Azure provide features and controls around the location of stored data, but care must be taken to ensure that misconfigurations do not send data to the wrong place and that other connected systems are not taking data and moving it where it should not be. That is why Diplomat MFT, with its workflow and encryption automation, is important for minimizing the opportunity for human error as part of a security and compliance strategy for regulations like HIPAA, GDPR, PIPEDA, etc.
HIPAA makes provision for sending PHI to patients who are not likely to have means of secure receipt or may not support encryption, provided the documents are protected to the point of receipt. Can Diplomat MFT do that?
Yes. Diplomat MFT encrypts files with OpenPGP and also encrypts transmissions using the SFTP (and also HTTPS and FTPS) protocol, so even if the recipient’s systems are not secure, the sender is able to comply with their part of HIPAA. What’s more, Diplomat MFT also supports secure fax by retrieving PDF files from back-end systems or via file share, and putting them into the proper location for the secure faxing software to take over.
Supports Automating All Major Transfer Protocols
FTP, FTPS, SFTP, HTTP, HTTPS, AS2, Email, SMB, CIFS, NFS
Host or receive files for secure file exchanges with your clients, customers, suppliers, and other business partners.
External entities connect to your server using any standard SFTP client, using strong authentication and the highest levels of security.
No files are ever stored in your DMZ, and no inbound holes in the internal firewall are required.
Securely host an SFTP server AND transfer files between your internal system and external trading partners in a secure, auditable, and compliant manner
Best In Class PGP Automation
Encrypt, decrypt, sign or verify encrypted files with a simple checkbox
Enterprise Class Scheduling And Folder Monitoring
Schedule jobs down to the minute, including Calendars for exclusions, execution time windows and more, or monitor any accessible shared folder
Comprehensive Source File Selection And Triggers
Transfer the right files the first time by selecting on name patterns, dates, or sequence numbers, with support for trigger files for the whole batch or per file. Specify the order in which files are transferred, whether time-based or alphabetical.
Diplomat MFT can synchronize the source directory structure to any number of destinations. Those destinations are often installations of the Diplomat Remote Agent, offering extensive control, very strong security, and a high level of confidence through SHA-256 checksum integrity validation.
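The SHA-256 checksum validation mentioned here, together with the audit records and proof of delivery described in the FAQ answer above, in a simplified Python example added for illustration (this is not Diplomat MFT's code): a per-batch manifest of SHA-256 digests computed before transfer, checked after transfer, and written to an audit line the sender can keep. File names, file contents, job name and destination are constructed placeholders.

```python
# Added example, not Diplomat MFT's own code: SHA-256 manifest built at the source,
# verified at the destination, plus an audit record. Sample data is constructed.
import hashlib
import json
from datetime import datetime, timezone
from typing import Dict, List, Optional

def sha256_hex(data: bytes) -> str:
    """SHA-256 digest of file content as lowercase hex."""
    return hashlib.sha256(data).hexdigest()

def build_manifest(files: Dict[str, bytes]) -> Dict[str, str]:
    """Map each source file name to its SHA-256 digest, computed before transfer."""
    return {name: sha256_hex(content) for name, content in sorted(files.items())}

def verify_delivery(manifest: Dict[str, str], received: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Compare what arrived against the manifest and classify every file."""
    result: Dict[str, List[str]] = {"ok": [], "modified": [], "missing": [], "unexpected": []}
    for name, expected in manifest.items():
        if name not in received:
            result["missing"].append(name)
        elif sha256_hex(received[name]) == expected:
            result["ok"].append(name)
        else:
            result["modified"].append(name)
    # Files at the destination that the sender never listed are flagged too.
    result["unexpected"] = sorted(set(received) - set(manifest))
    return result

def audit_record(job: str, destination: str, manifest: Dict[str, str],
                 result: Dict[str, List[str]], when: Optional[datetime] = None) -> str:
    """One JSON line for an append-only audit log: what was sent, where, and how it checked out."""
    when = when or datetime.now(timezone.utc)
    status = "ok" if not (result["modified"] or result["missing"]) else "integrity_failure"
    entry = {"job": job, "destination": destination, "time": when.isoformat(),
             "manifest": manifest, "result": result, "status": status}
    return json.dumps(entry, sort_keys=True)

# Constructed sample batch (placeholder content, not real PHI).
SOURCE_FILES = {
    "claims_20240101.csv": b"member_id,amount\n1001,25.00\n",
    "eligibility_20240101.csv": b"member_id,status\n1001,active\n",
}
MANIFEST = build_manifest(SOURCE_FILES)
# Constructed copies as received: one altered in transit, one never arrived.
RECEIVED = {"claims_20240101.csv": b"member_id,amount\n1001,250.00\n"}
RESULT = verify_delivery(MANIFEST, RECEIVED)

if __name__ == "__main__":
    print(audit_record("claims-nightly", "sftp://partner.example/inbox", MANIFEST, RESULT))
```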