
Upload: vuanh

Post on 17-Mar-2018


HIPAA & HITECH Require High Security for Healthcare Records

Traditional FTP has been made obsolete in healthcare given the extensive compliance requirements outlined by the Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH). Strong security is now required when electronic patient health records must be transferred, and tight administrative control and audit reports are essential.

GoAnywhere™ from Linoma Software is a cross-platform managed file transfer solution that is designed to help you meet HIPAA/HITECH compliance standards while saving you time and money. It can also eliminate the custom programming and scripting normally required to transfer data, while improving the quality of those transfers.

GoAnywhere is a Strong Weapon in the Fight for HIPAA Compliance

Linoma’s GoAnywhere MFT solution helps organizations meet the requirements of HIPAA and HITECH by implementing a managed, centralized and auditable solution.

With enterprise-level benefits for healthcare, GoAnywhere

• Centralizes file transfer processes within the organization;

• Automates workflows with configurable step-by-step wizards;

• Restricts critical access to files and folders to only authorized users;

• Monitors file transfer processes – both across the Internet and within the organization’s intranet;

• Provides detailed audit trails and reporting of every file transfer, identifying the users, the recipients, and the file names transmitted; and

• Works in conjunction with pre-existing applications within the organization.

At the same time, GoAnywhere protects ePHI and other data records by

• Providing Open PGP encryption of files with key management, and

• Enabling protection beyond the organization’s firewall using an enhanced reverse proxy in the DMZ.

GoAnywhere protects against data breaches for both internal and external transmissions. With GoAnywhere’s rigorous access control and automated transfer processes – complete with encryption – this solution provides the comprehensive management control that HIPAA and HITECH regulations require.

GoAnywhere.com 402.944.4242 | 800.949.4696 [email protected]

With a browser-based interface and multi-platform support, GoAnywhere helps organizations comply with HIPAA and HITECH regulations in a secure, user-friendly way.


GoAnywhere Helps You Meet HIPAA/HITECH Data Transfer Security Requirements

The table below shows how the GoAnywhere™ Managed File Transfer solution helps organizations satisfy the compliance requirements for the HIPAA/HITECH standards. Certain aspects of the standards are considered “addressable,” which means the organization is given some flexibility on how to best implement those requirements.


Access Control §164.312 (a)(1)
HIPAA Regulation: Prevent unauthorized access from users or software that do not have permissions.
Corresponding GoAnywhere Feature: Users and passwords can be authenticated using a variety of techniques including database authentication, LDAP and Active Directory (AD). Accounts can additionally be authenticated using X.509 certificates and SSH keys. Role-based security allows administrative users to access only authorized features. Folders and files can be authorized to user groups or individual users.

Unique User Identification §164.312 (a)(2)(i)
HIPAA Regulation: Ensure each user can be singularly tracked.
Corresponding GoAnywhere Feature: Each GoAnywhere user must have a unique user ID and password to log into GoAnywhere. All activity for the user is audited in the GoAnywhere central database, including all file transfer activity. This audit information can be reported within GoAnywhere and can additionally be sent to a central SYSLOG server.

Automatic Logoff §164.312 (a)(2)(iii)
HIPAA Regulation: Disconnect or terminate electronic sessions based on pre-determined rules.
Corresponding GoAnywhere Feature: The session timeout can be configured by the administrator so users are automatically logged out after a specific length of inactivity.

Encryption & Decryption §164.312 (a)(2)(iv)
HIPAA Regulation: Apply procedures to encrypt and decrypt data such as ePHI (electronic patient health information).
Corresponding GoAnywhere Feature: Data can be exchanged securely using SFTP (SSH), SCP, FTPS (SSL/TLS) and HTTPS protocols. The files can be individually encrypted using the Open PGP and AES encryption standards.

Integrity §164.312 (c)(1)
HIPAA Regulation: Prevent unauthorized access from users or software that do not have permission to view or access.
Corresponding GoAnywhere Feature: Folders and files can be restricted from edit/delete access by user and group. This data can be made available for read-only access or can be completely restricted. Encrypted transmissions use hashing algorithms to confirm the integrity of data packets.

Authentic ePHI §164.312 (c)(2)
HIPAA Regulation: Demonstrate via electronic records that data has not been altered, compromised, or deleted without authorization.
Corresponding GoAnywhere Feature: Audit trails will document when unauthorized attempts are made to alter or delete documents through GoAnywhere.

Person or Entity Authentication §164.312 (d)
HIPAA Regulation: Provide electronic verification that ensures that the claimed identity of a user is accurate.
Corresponding GoAnywhere Feature: Users can be authenticated using a variety of protocols including database, LDAP, AD, SSH keys and certificates.

Transmission Security §164.312 (e)(1)
HIPAA Regulation: Establish electronic security protocols to insulate data in motion from unauthorized access as it's transferred across electronic networks.
Corresponding GoAnywhere Feature: Files and transmissions are securely transferred using SFTP, FTPS and HTTPS protocols, as well as encryption standards of AES and Open PGP.

Integrity Controls §164.312 (e)(2)(i)
HIPAA Regulation: Prevent unauthorized access from users or software that do not have permission to view or access.
Corresponding GoAnywhere Feature: Files and folders can be restricted by individual users and group profiles.

Encryption §164.312 (e)(2)(ii)
HIPAA Regulation: Apply encryption to ePHI whenever appropriate or necessary.
Corresponding GoAnywhere Feature: Files are encrypted and decrypted using the Open PGP and AES encryption standards.

Required Standards

Addressable Standards


To learn more visit GoAnywhere.com, or call 1.800.949.4696

© 2013 Linoma Software

Simplify, secure and automate managed file transfer processes

GoAnywhere Services™ allows trading partners (both internal and external) to securely connect to your system and exchange files within a fully managed and audited solution. Popular file transfer and encryption standards are supported without the need for proprietary client software. A Secure Mail module with an Outlook plug-in is also available to make ad-hoc file transfers more convenient and secure.

GoAnywhere Director™ streamlines and secures the exchange of data with customers, trading partners and enterprise servers. GoAnywhere Director is a flexible solution that connects to almost any server or data source using a wide variety of standard and secure protocols.

GoAnywhere Gateway™ acts as an enhanced proxy that provides an additional layer of network security. It allows trading partners to connect to GoAnywhere Services without having to open incoming ports into the private network or store sensitive information in the DMZ. It also serves as a forward proxy for processing file transfer requests from GoAnywhere Director.

Managed File Transfer Solution

• Installs to Windows, Linux, IBM i, UNIX, AIX, HP-UX and Solaris

• Supports FTP/S, SFTP, SCP, HTTP/S and AS2 file transfer protocols

• Provides an intuitive browser-based interface for remote administration

• Generates detailed audit logs and alert messages

With the GoAnywhere™ managed file transfer (MFT) solution, organizations can exchange data more efficiently and securely with trading partners, customers, employees and internal systems. GoAnywhere also helps organizations meet strict compliance regulations such as HIPAA, PCI DSS, SOX, GLBA and state privacy regulations.

GoAnywhere is comprised of three components: GoAnywhere Director™, GoAnywhere Services™ and GoAnywhere Gateway™.


About Linoma Software

Founded in 1994, Linoma Software provides innovative technologies for protecting sensitive data and automating data movement. Linoma Software has a diverse install base of over 3,000 customers around the world including corporations, non-profit organizations and government entities.

Visit GoAnywhere.com for more information or to download a free trial!

• Connects to FTP/S, SFTP, HTTP/S, AS2, MQ/JMS, SMTP, POP3 and IMAP servers

• Secures transmissions with Open PGP, SSL, TLS, SSH or ZIP/AES encryption

• Compresses/packages files with ZIP, GZIP or TAR

• Connects to databases including DB2, SQL Server, Oracle, Informix, MySQL, Sybase and Derby

• Interfaces with customer applications and programs

• Reads/writes Excel, XML, CSV, Delimited text and Fixed Width documents

• Centrally logs all file transfer activity

• Allows your trading partners to connect to your system through FTP/S, SFTP, HTTP/S and AS2 protocols

• Secures transfers with SSL, TLS or SSH encryption

• Offers web client for browser-based file transfers

• Sends email notifications when files are available

• Provides extensive security controls with granular user permissions, blacklists and whitelists

• Includes key and certificate management

• Processes files automatically with triggers

• Generates detailed audit logs

• Provides both reverse proxy and forward proxy services

• Allows sensitive data files and user credentials to be stored in the private network, rather than the DMZ

• Protects private network by not requiring inbound ports to be opened

• Hides locations and identities of internal systems

• Supports FTP/S, SFTP, HTTP/S and AS2 protocols

1409 Silver Street
Ashland, Nebraska 68003
(402) 944.4242
(800) [email protected]
