Managed file transfer for HIPAA compliance: MFT succeeds where FTP fails

With more healthcare organizations adopting EHR systems , the time has come for them to also upgrade their file transfer solution from FTP to MFT.

In the healthcare industry, electronic health record systems have become a staple. Now more than ever, companies are looking to comply with the Administrative Simplification section of the Health Insurance Portability and Accountability Act, which calls for the use of an electronic system for records instead of an outdated manual one.

However, with more organizations adopting EHR systems, the time has come for them to also upgrade their file transfer solution. Although file transfer protocols may have served this purpose in the past, managed file transfer systems are now necessary to fully ensure that sensitive patient data remains confidential.

Rise of EHR

According to Modern Healthcare, 80 percent of all office-based physicians had some sort of electronic system in place for the management of health records in 2013. Research shows that the adoption of such solutions has increased over the past few years, jumping by nearly 10 percent between 2012 and 2013 alone.

In addition, some early adopters of the technology have reached an appropriate time for upgrades. InformationWeek noted that half of all large hospitals have plans in place to replace their basic EHR system with something more robust and substantial by 2016. Oftentimes, these system changes related to integration and performance, as many survey respondents noted that their current platforms don’t allow for full interconnection of information portals.

Transferring files under HIPAA guidelines: FTP vs. MFT 

With so many firms leveraging electronic systems for their patients’ health records, it is now imperative to have a secure system in place for transmitting this information. However, such a file transfer solution must also follow the guidelines set down by HIPAA, which calls for specific protections when any files containing sensitive health data are sent and received by users.

Although many firms utilized FTP-based systems in the past, IBM noted in a recent white paper that these may cause issues when it comes to industry compliance. Overall, FTP platforms have a number of limitations, including those related to reliability, auditability, and visibility, as well as flexibility and scalability. However, the most glaring limitation here relates to the system’s security.

“FTP transmits client IDs and passwords as plain text, while standard FTP commands can be used to create denial-of-service attacks or exploit other network vulnerabilities,” IBM pointed out. “FTP implementations also lack multi-function authentication, encryption, and privacy.”

HIPAA Guidelines and FTP

As the consequences and fees in conjunction with violating HIPAA guidelines are great, it is in every organization’s best interest to ensure that their file transfer system is in line with the law. FTP systems can put sensitive information at risk when used to transfer medical records. Managed file transfers, on the other hand, excel in nearly every area where FTP fails, including reliability, oversight, flexibility, and auditability. Most importantly, MFT provides boosted security through encryption, checksum capabilities and non-repudiation features, IBM noted.

“MFT gives you a proven way to minimize risk, support compliance, and improve service to customers and partners while standardizing on a cost-efficient platform scalable to meet growing data exchange requirements for years to come,” IBM stated.

Considerations for compliant MFT systems

In this way, when healthcare groups look to update their EHR systems, they should consider the file transfer solution in place as well. Government Health IT contributor Colman Murphy noted that in order to ensure compliance, a file transfer system needs to be able to validate file-transfer activities while protecting all transfers with encryption. In addition, all file sizes should be accepted, and the platform should have an authentication system in place.

Overall, compliance is paramount when it comes to choosing a managed file system. In the current environment, healthcare organizations need to upgrade their FTP platforms and leverage an industry-leading managed file transfer solution to help ensure their HIPAA compliance.