(Health Insurance Portability and Accountability Act of 1996).


Core FTP client supports HIPAA compliant security via SSL, TLS or SSH/SFTP with at least a 128-bit secure connection.


How to make sure your connection is HIPAA compliant:



In your site profile, select your secure options appropriately:



For SSL/TLS (options will be different for various types of SSL/TLS connections):









Once you have connected to your remote secure FTP server, the following steps can be used to verify if your connection is secure:



Verification #1:


In the lower right hand corner of Core FTP, the secure icon will appear to show that a secure connection has been established.


If this secure icon is not displayed, a secure connection has not been established and you are not HIPAA compliant.   


Most HIPAA compliant FTP servers will not allow anything except a secure connection, so this is often not an issue.




Verification #2:


Verify connection in the log:






234 AUTH SSL successful  

TLSv1, cipher TLSv1/SSLv3 (EDH-RSA-DES-CBC3-SHA) - 168 bit





Initialized AES-256 client->server encryption

Initialized AES-256 server->client encryption

Access granted



You will rarely ever see an SSL/TLS connection connect below 128 bits.  


With SSH/SFTP, you should never see a connection via SSH2 lower than 128 bits.


The log information is for your reassurance only.  If you see the secure icon displayed in the lower right corner, there is no need to worry if you cannot find the security bit count in the log.