SendThisFile® HIPAA Configurable

While each Covered Entity is unique, the SendThisFile secure file transfer system can be configured to meet most Covered Entities privacy and security policies.


The Health Insurance Portability and Accountability Act of 1996 (HIPAA) omnibus final rule which was announced in January of 2013 and effective March of 2013, is based on statutory changes under the Health Information Technology for Economic and Clinical Health Act (HITECH), enacted as part of the American Recovery and Reinvestment Act of 2009 (ARRA) and the Genetic Information Nondiscrimination Act of 2008 (GINA).

The HIPAA omnibus final rule narrowed the "conduit exception" for Business Associate agreements. However, it still recognizes courier services such as the USPS, UPS and their electronic equivalents as exceptions to the Business Associate agreement requirement. A key determinant in meeting or not meeting the conduit exception is the "transient versus persistent nature" of the service offered.

Configurable Components

To ensure compliance with a Covered Entities privacy and security policies, SendThisFile must be configured as a transient courier and not a data storage provider. The following components should all be considered when setting up SendThisFile to align with your HIPAA privacy and security practices and policies.

If your firm requires a Business Associates Agreement, please let us know by contacting us at and we will provide our standard Business Associates Agreement for your review. Our Business Associate Agreement is available for our Enterprise level plans.