REGULATORY COMPLIANCE
SendThisFile is dedicated to providing industry-leading security and regulatory compliance to its customers.
SendThisFile, Inc. and its partners comply with specialized regulatory requirements which our small, medium, Fortune 500 and Fortune 10 customers must meet. As such, SendThisFile, Inc. is able to provide a robust managed file transfer service to customers who must meet stringent data privacy and data security regulations.
SendThisFile is compliant with HIPAA, SAS 70 Type II, SSAE16, PCI DSS and FIPS 140-2.
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
The U.S. Department of Health and Human Services recognizes electronic file transfer as a legitimate method of moving individual health records between medical personnel and medical facilities. The file transfer service provided by SendThisFile, Inc. meets the electronic transmission requirements for these documents.
The following PDF contains additional HIPAA information from the U.S. Department of Health and Human Services.
HIPAA compliant electronic transmissions
SendThisFile operates as a common carrier (i.e., SendThisFile operates as the electronic or Internet equivalent of FedEx or UPS). Therefore, a Business Associate agreement with SendThisFile is not required.
- [45 CFR 164.502(e), 164.504(e), 164.532(d) and (e)] Other Situations in Which a Business Associate Contract Is NOT Required.
- With a person or organization that acts merely as a conduit for protected health information, for example, the US Postal Service, certain private couriers, and their electronic equivalents.
Statement on Auditing Standards No. 70 (SAS 70)
SendThisFile utilizes data centers that have passed a Statement on Auditing Standards (SAS) No. 70 Type II audit conducted by a third party.
Statement on Standards for Attestation Engagements No. 16 (SSAE16)
SendThisFile utilizes data centers that have met the requirements of the Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization.
PCI DSS
SendThisFile meets Payment Card Industry Data Security Standard (PCI DSS) version 2.0. PCI DSS version 2.0 is the global data security standard that any business of any size must adhere to in order to accept payment cards, and to store, process, and/or transmit cardholder data. The standard includes 12 requirements for any business that stores, processes or transmits payment cardholder data. These requirements specify the framework for a secure payments environment.
For more information regarding PCI DSS visit http://www.pcisecuritystandards.org
Federal Information Processing Standards (FIPS) 140-2
Federal Information Processing Standards Manual 140 covers the security measures used within software modules. File uploads and downloads on SendThisFile involve a browser at the upload end, a Java module on the SendThisFile server, and a browser on the download end.
- The Microsoft Internet Explorer browser is FIPS 140-2 compliant. If both the sender and the recipient are using Microsoft Internet Explorer browsers, the transfer will be conducted using FIPS 140-2 compliant modules.
- Mozilla's Firefox browser is FIPS 140-2 compliant when configured by the user.
- SendThisFile also utilizes Java JCE and Java JSSE on its servers, which are FIPS 140-2 compliant.
SendThisFile Personnel
SendThisFile, Inc. has provided enterprise-level solutions longer than any other firm in the managed file transfer industry. We serve Federal military, business and nuclear agencies, international stock market and financial reporting firms, global banks and hospitals. SendThisFile restricts access to customer data to a small, highly vetted group of employees and uses secure login procedures.
