Archive for category HIPAA HITECH

5 Ways Healthcare is Using Managed File Transfer

Posted by on Tuesday, 24 February, 2015

Healthcare organizations looking to improve secure file transfer processes have discovered the many advantages of Managed File Transfer (MFT) and the GoAnywhereTM Suite.

UTMC and AnMed HealthMeeting regulatory compliance with HIPAA and HITECH, connecting multiple office locations or simply updating legacy systems all create excellent opportunities to evaluate the benefits of MFT.

“The medical environment is changing with new regulations and mandates to be addressed,” says Scott Schwarze, manager of information services at the University of Tennessee Medical Center (UTMC). “We wished for a product that would do most of the heavy lifting.”

1. Eliminating Personnel Risk

UTMC found itself in a vulnerable position when their only employee capable of maintaining complicated VB scripts became seriously ill. AnMed Health in Anderson, South Carolina recognized they were in a similar position with only one network staffer capable of setting up DOS batch transfers.

“With a small staff but large output, the goal was something that all team members could be trained on,” said Schwarze. Despite its extensive capabilities, GoAnywhere customers quickly discover the simplicity of scripting and troubleshooting tasks. Lisa Nanney, senior programmer analyst at AnMed Health adds, “when issues do arise, my operations staff can resolve the problem immediately.”

2. Proactive Notifications

“Our old file transfer system did not offer automatic auditing,” said Nanney. “Because we weren’t proactive, it often took a call from a vendor to discover there was a problem.” While AnMed Health uses notifications in GoAnywhere to raise alerts on file transfer issues, Cancer Registry of Greater California (CRGC) finds them invaluable in improving workflow.

“We knew it was important to manage the flow of documents,” states Cory Hamma, systems support manager for CRGC. When files are uploaded by a partner facility, employees are notified of each successful transfer. This establishes a procedure for timely attention to uploaded files and ensures that they don’t go unprocessed.

3. Reducing Menial Tasks

One of AnMed Health’s initiatives was to eliminate the need for third shift staffing. Their results using the efficient automation tools in GoAnywhere saved programming, operations and network staff over 500 hours a month.

A Network Engineer who handled the FTP server spent at least 24 hours a month troubleshooting transfers. According to Nanney, “he doesn’t even touch transfers now unless we need connection assistance.”

But Nanney didn’t stop there. She went on to automate many of their insurance claims and payment processing. This recovered over 50 hours of Data Center time in addition to accelerating the recoup of payments.

During the evaluation of existing FTP processes for migration to GoAnywhere, the UTMC staff discovered they could eliminate custom processes from the procedure. “By eliminating cut off times for output from SQL jobs, labor hours for SQL developers were cut in half,” says Schwarze.

4. Compatibility with Trading Partners

When UTMC was evaluating file transfer solutions “we assumed going in that we could not impact vendors,” stated Schwarze. “Most of the vendors provided an SFTP or FTPS connection for file transfers.” Their modified policy stated that data must not only go over an encrypted connection, but the files need to be encrypted as well.

Schwarze appreciated GoAnywhere’s ability to connect to most systems using standard file transfer protocols. Files are then encrypted and compressed using Open PGP and other standards. He added, “HIPAA does not require the double encryption method, but we felt in this technology environment it would be prudent.”

AnMed Health had several vendors migrate to SFTP, which posed a problem with their old FTP server. “We do transfers with vendors now that would not have been possible without GoAnywhere,” said Nanney.

5. Replacing Inefficient Processes

CRGC covers a population area of nearly 20 million residents across 48 of California’s 58 counties. In order to transmit files between locations, they were utilizing a number of secure email subscription services. Hamma described this being problematic due to, “the file transfer size limitation, lack of organizational control, and complexity for remote users.”

“Many research files exceeded 1 GB in size,” said Hamma, “so the ability to remove that barrier entirely was huge.” GoAnywhere also resolved organizational control with its detailed audit logs that ensure accurate documentation of who, when and where files are accessed.

For AnMed Health, something as simple as replacing green-bar reporting streamlines operations. Nanney’s team now sends reports to a network drive mapped to the IFS, cutting paper costs and eliminating yearly maintenance for “one dinosaur of a printer”.

Regardless of your industry, GoAnywhere’s MFT Suite delivers real results to improve secure file transfer and collaboration processes. Talk to a representative today and discover what GoAnywhere can do for your organization.

To read the full case studies, please visit the links below:

Video: How to Encrypt Files with OpenPGP Studio

Posted by on Wednesday, 7 August, 2013

Have you ever been asked to email a file that includes personal information like your prescription records, or your banking account information, or even your social security number?  Many people share that kind of information over the internet and simply hope that it doesn’t get hacked.

Download OpenPGP StudioLinoma Software, developer of the enterprise solution GoAnywhere™ Managed File Transfer Suite, has made it much easier to keep this kind of confidential data protected with its recently released desktop encryption tool called GoAnywhere OpenPGP Studio™.

This free PC tool is designed for people who occasionally need to share or store sensitive data.  OpenPGP Studio lets users encrypt, decrypt, sign and verify files from their PCs or workstations.  An integrated key manager allows anyone to quickly create, import, export and manage OpenPGP keys needed to encrypt and decrypt files. Best of all, it’s intuitive so even those who claim to be “non-technical” can confidently use OpenPGP Studio.

Here’s a video, also available on YouTube, that shows just how easy OpenPGP Studio is to use.


You can download OpenPGP Studio from the GoAnywhere website, and then let us know what you think!  If you need a more robust solution that includes automation, check out the GoAnywhere suite of products.


Healthcare Industry Still Lags in Protecting Data

Posted by on Tuesday, 30 April, 2013

As healthcare information security requirements and penalties get tougher, a great deal of discussion is focused around how well the healthcare industry is securing patient data.

healthcare data security survey resultsThe general consensus is that the industry still has a long way to go. One of the industry’s publications, Healthcare InfoSecurity, released the results of the Healthcare Information Security Today survey sponsored by RSA which took an in-depth look at security and IT practices of senior executives in the healthcare industry.

<< click on the image to learn more


The survey reviews many information security topics including

  • Impact of a data breach
  • Security threats
  • Compliance and steps to improve security
  • Risk assessment

Some of the responses surprised us on how far healthcare companies need to go for proper HIPAA compliance. Take a look at these statistics:

  • 55% of respondents were not confident in their organization’s ability to comply with HIPAA and HITECH Act regulations concerning privacy and security (grading themselves adequate or less).
  • 66% responded that their organization’s ability to counter internal information security threats was adequate or less.
  • Only 47% of survey participants utilize encryption for information accessible via a virtual private network or portal.
  • 32% of respondents have not conducted a detailed information technology security risk assessment/analysis within the past year with 47% updating their risk assessment only periodically.

The good news is that the survey shows that healthcare organizations are taking steps in the right direction to improve their security practices.

  • 37% of organizations’ budgets for information security are scheduled to increase over the next year.
  • 40% of respondents plan to implement audit tool or a log management solution within the next year.

When asked what their organization’s top three information security priorities are for the coming year, the top responses included

  • Improving regulatory compliance efforts
  • Improving security awareness/education
  • Preventing and detecting breaches

Healthcare IT teams will need updated security policies, comprehensive training for employees, and reliable tools and solutions that can deliver functionality, ease of use, audit reporting, and efficient workflows that protect the security of confidential data at rest and in motion.

The pressure is growing, compliance audits are looming, and tackling these issues are just part of the evolution of the healthcare industry.


New Protections for Patient Data Increase Pressure For Trading Partners to Get Compliant

Posted by on Wednesday, 23 January, 2013

Yet another layer of regulation has been added to the Health Insurance Portability and Accountability Act (HIPAA) that offers even greater protection for healthcare patients’ privacy, while also defining new rights regarding how they can access their health records.

meet HIPAA compliance regulationsThe biggest change is the expansion of HIPAA compliance requirements to include trading partners and third parties who also handle patient data, such as billing companies, contractors, and more.  The U.S. Department of Health and Human Services (HHS) reports that these third parties have been responsible for several significant data breaches which is one reason the responsibility for compliance has been extended to this group.

Penalties for violating HIPAA compliance rules will be assessed based on the determined level of negligence, and can go as high as $1.5 million per incident.

Other issues addressed with the latest additions to the HIPAA regulations include more clarity in defining which types of breaches need to be reported, as well as how patients will be allowed to access and interact with their health records electronically.

If you’re concerned about whether your FTP server meets compliance regulations, join us for a webinar on Thursday, Jan. 31 at Noon Central entitled Get Your FTP Server in Compliance!  You can learn more about the agenda for this webinar here.

For more information about the new HIPAA rules, check out the press release from HHS.

Healthcare Data Breaches on the Rise

Posted by on Wednesday, 19 December, 2012

Stories of data breaches across all industries continue to make the news, and nowhere is the pressure greater to keep data safe than on healthcare IT managers.

Healthcare IT News states that health data breaches increased by 97% in 2011. The 2012 Data Breach Investigations Report from Verizon’s RISK team confirmed that over 174 million records were reported as compromised, mostly as the result of hackers accessing the data. According to the Identity Theft Resource Center 2011 Breach Stats Report, 20% of all data breaches in 2011 were in the healthcare industry.

data breach statistics for 2012

What is most startling about this report is that, according to the RISK study, 97% of these cases could have been avoided through simple or intermediate security controls.  The graphic (see right) is one of the many included in Verizon’s study.

Because the most common place where data is compromised is from corporate databases and web servers, hackers who gain access to these vulnerable areas are mining this data for private information such as social security numbers, birthdates and credit card information.

Studies like these underscore the importance of establishing network security perimeters and implementing procedures that protect the privacy of  patients’ information residing on these servers.

IT managers must be vigilant to combat hackers’ ever more sophisticated tools and methods, and that begins with better security procedures at the office.

Security Policy and Procedures Document

The first step in ramping up security is to write and formalize a security policy and procedures document that addresses best practice protocols and that encompasses applicable HIPAA and HITECH regulations.

Next, all employees must be trained and expectations for compliance made clear,  because it takes a concerted effort on everyone’s part to ensure the required protections are implemented consistently.

Secure Data Files In Motion

One of the more popular ways for hackers to capture sensitive data is via the movement of files and documents across the Internet.  In an earlier blog post, we talked about how standard FTP is commonly used to send files.  However, FTP sends the files in unencrypted form, and offers no protection for the server’s login credentials. Once those credentials are captured, hackers can use them to access the FTP server to mine additional data files.

While managing the security of all of the files in the office may seem overwhelming, Managed File Transfer solutions can simplify this task. Used in conjunction with a reverse proxy gateway, a much greater security perimeter is formed around the network, servers and the sensitive data that need protection.