Avoid Breaking Your HIPAA Compliance

Safeguard Patients’ Protected Health Information (PHI) during File Transfer

illustration showing justice scales and health/physician information books

What Is HIPAA Compliance?

Healthcare Insurance Portability and Accountability Act (HIPAA) is a federal law that regulates how companies can access and use individually identifiable health information. This data is collectively defined as protected health information (PHI).

What Is Protected Health Information (PHI)?

PHI includes a person’s medical records, such as history, test and laboratory results, and other individually identifiable health information.


illustration showing floating browser screens with personal health information

Who Needs to Comply with HIPAA?

Any company that has access to PHI must achieve and maintain HIPAA compliance.

What Is a HIPAA Covered Entity?

A covered entity is any entity that is a healthcare provider, provides a health plan or is a healthcare clearinghouse.

What Is a HIPAA Business Associate?

A business associate is “a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity that involve access by the business associate to protected health information.”

What Is a HIPAA Business Associate Contract?

To ensure that their business associates also protect data that is considered PHI, the covered entities and its business associates must enter into contracts with their business associates. The contracts signify an understanding by the business associates that they are accessing PHI and understand and share the responsibilities that entails. The contracts define, clarify and limit the permissible uses and disclosures of PHI by the business associate.

What Are the Rules of HIPAA?

Privacy Rule

Regulates when a covered entity may disclose PHI without a patient’s express written authorization and when they cannot. If a covered entity discloses any PHI, it should take care to disclose the minimum amount of data necessary to achieve its purpose.

Security Rule

This rule requires covered entities and business associates to put technical, physical and administrative safeguards in place to keep data identified as PHI safe.

Enforcement Rule

Provides standards regarding compliance, investigation, monetary penalties and hearing procedures for HIPAA violations.

Breach Notification Rule

Requires business associates to notify covered entities if they know a data breach occurred. Additionally, covered entities must notify patients affected by a breach of PHI data.

Does Thru’s File Transfer Service Maintain HIPAA Regulations?

Thru’s managed file transfer (MFT) service has features that meet the following required implementation specifications. Thru’s features and functionality also meet several of the specifications noted as addressable in HIPAA’s Part 164 – Security and Privacy, 164.312 Technical Safeguards. To discuss the specifics of Thru’s compliance posture, please contact us »

Wordpress Table Plugin

Thru HIPAA Compliance Policy »

Secure File Transfer Overview

Thru helps you achieve end-to-end file security with measures to protect data in the cloud, application and network.


Have questions about security and HIPAA compliance for file transfers?

Get answers, not a sales pitch. Since 2002, we have addressed and solved secure file transfer challenges.


Scroll to Top