HIPAA COMPLIANCE SFTP SOFTWARE
DIPLOMAT MFT is trusted by leading healthcare organizations to automate their secure file transfers while staying HIPAA compliant.
- Secure-by-Design (SFTP, PGP, DMZ, deployment)
- Ideal for regulatory compliance (HIPAA/HITECH)
- Easy-to-use, no-code installation and operation
- Simple integration and compatible with existing solutions
Trusted by major Healthcare Organizations
You’ll be in good company with customers such as Mass General Brigham and Bank of America who depend on Diplomat MFT for their secure managed file transfer needs.
Maintaining HIPAA Compliance with Diplomat MFT
Diplomat MFT is the best value managed file transfer software from $1,099. You can securely transfer files to any destination, whether that be in the cloud, on-premises or at rest with full visibility and alerting.
When you choose Diplomat MFT, you can automate, manage, and audit your file transfers, maintaining the highest levels of security, visibility, and compliance at the best price in the market.
Diplomat MFT can play a vital role in your data privacy and information security program for managing protected health information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA). By automating critical elements of the secure file transfer management process (like encryption, scheduling, and notifications), Diplomat MFT makes it easy to establish secure workflows to send, receive, host, and retrieve PHI and other sensitive information like patient insurance and financial information.
The U.S. Department of Health and Human Services (HHS) recommends that organizations refer to the National Institute of Standards and Technology (NIST) documents like Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule when establishing a HIPAA compliance program. That document recommends adopting transmission security measures to “guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.”
NIST guidance suggests:
- Establish a formal written set of requirements for transmitting ePHI.
- Identify methods of transmission that will be used to safeguard ePHI.
- Identify tools and techniques that will be used to support the transmission security policy.
- Implement procedures for transmitting ePHI using hardware and/or software, if needed.
Many healthcare service providers, including some of the largest entities in the U.S., already trust Diplomat MFT to keep their PHI and other mission-critical data safe. You can trust us, too. And unlike many of our competitors, we are ethically priced, so you’ll save money while keeping patient and customer PHI safe. Book a Demo to see for yourself, or contact us with any questions about our award-winning MFT software.
HIPAA COMPLIANT SFTP SERVER SOFTWARE
Human error is the top cause of data breaches and can trigger costly HIPAA investigations. File misdelivery, accidental exposure, and failure to encrypt put your organization at risk of a costly healthcare data breach. Stop writing custom scripts and manually transferring mission-critical files. You need the security and reliability of Diplomat MFT for your members’ protected health information.
Diplomat MFT helps healthcare organizations create secure, HIPAA compliant file transfer workflows that are more productive and efficient through automated PGP encryption management, role-based administrative privileges, support for multi-factor authentication, time-based one-time temporary passwords (TOTP), use of DMZ and SFTP to prevent process and data exposure, with automated data capture for compliance and forensic audits. These features minimize the risk of human error and are consistent with maintaining security best practices.
Molina Health, Christus Health, Centene, Mass General Brigham, and many other healthcare organizations trust Diplomat MFT to automate their secure file transfers while staying HIPAA compliant. Diplomat MFT can help you stay HIPAA compliant, too.
Video transcript
HIPAA refers to the Health Insurance Portability and Accountability Act. It’s an important U.S. regulation for securing sensitive medical information like electronic health records (EHR), protected health information (PHI), patients’ personally identifiable information (PII), and other data key to respecting patient privacy.
Operating in compliance with HIPAA is important when you consider that, according to The HIPAA Journal, 92% of U.S. healthcare organizations experienced a cyberattack last year. So, how can secure managed file transfer (MFT) software help you comply with HIPAA and keep EHRs, PHI, and other healthcare data safe?
Well, threats like digital supply chain attacks, ransomware, malicious insiders, and even human error put sensitive healthcare data at risk every day. Managed file transfer (MFT) software helps you achieve HIPAA compliance by protecting electronic health records (EHR) and other patient data with file encryption, secure communications, and the establishment of best practices for secure data management.
Securing EHRs, PHI, and other sensitive data while sending them to and receiving them from your digital supply chain is where secure MFT software like Diplomat MFT comes in.
Because the foundation for HIPAA compliance is encryption, a solution like Diplomat MFT is a great place to start. In fact, top hospitals and healthcare organizations like CHRISTUS Healthcare, Mass General Brigham, Molina Healthcare, and many more trust Diplomat MFT to support their HIPAA-compliant data management programs.
Diplomat MFT provides an easy and cost-effective way to leverage the most popular PGP encryption technologies. It can also act as a HIPAA-compliant SFTP server behind our advanced Edge Gateway to keep data secure during transmission. Importantly, Diplomat MFT ensures your mission-critical file transfer processes and data are protected internally, not exposed to threat actors in the DMZ or from the outside.
Another important aspect is providing HIPAA compliance through documentation. Diplomat MFT captures and archives file transfer process data to prove your organization’s practices are consistent with HIPAA compliance, which is required in the event of an audit.
Beyond that, our secure-by-design architecture includes numerous security features to support your security and HIPAA compliant file transfer processes, such as:
- Extensive auditing, reporting, and visibility
- Multi-factor authentication with Time-based One-Time Password support
- Single sign-on integration with granular role-based access controls
- Support for the most current elliptic curve cryptography
- HIPAA-compliant SFTP server
Diplomat MFT makes it easy to establish HIPAA-compliant managed file transfer workflows. That is because Diplomat MFT easily integrates with all the healthcare services and applications you already use, and it supports the rigorous security standards HIPAA demands. Furthermore, Diplomat MFT enables the strengthening of a secure, trusted healthcare supply chain because administrative controls are handled behind the firewall, and unencrypted files are never exposed to the public internet.
Diplomat MFT is trusted by top hospitals and healthcare organizations to keep sensitive healthcare information like electronic health records and protected healthcare information secure and to support their HIPAA-compliant data management programs. You can trust us, too.
HIPAA GUIDE 2025
In 2025, important updates to the Health Insurance Portability and Accountability Act (HIPAA) are set to reshape how healthcare organizations handle sensitive data.
The proposed changes aim to protect patient privacy, and healthcare organizations should be proactive and adapt to a changing “digital healthcare environment” or face strengthened penalties for non-compliance.
Healthcare service providers have trusted Diplomat MFT to automate their secure file transfers for more than twenty years. Molina Healthcare, Christus Health, Centene, Mass General Brigham and others rely on our secure managed file transfer platform to protect their data at rest and in motion as a part of their HIPAA compliance programs.
Contact us to schedule a demonstration or learn more about our award-winning, no code software platform and customer support.
Keeping protected health information (PHI) safe is more than just a business imperative; it is a legal requirement. As a practical matter, data protection is important to maintaining brand trust and avoiding the steep costs associated with falling victim to a data breach. On average, costs associated with a data breach are $4.55 million, but healthcare organizations average $10.93 million. Included in that figure are fines under various laws requiring that organizations protect private information.
Depending on where your organization operates, different regulations apply, including:
- U.S. – Health Insurance Portability and Accountability Act (HIPAA)
- UK – 2018 Data Protection Act
- Canada – Personal Information Protection and Electronic Documents Act (PIPEDA)
- EU – General Data Protection Regulation (GDPR)
These laws mandate that organizations responsible for collecting and managing PHI keep that data safe, both when in storage and while transferring it between entities.
DIPLOMAT MFT – LATEST ADDITIONS
Version 9.2 enhancements include:
- LDAPS authentication to support seamless user provisioning and authentication.
- SharePoint Transport: simplified transfers to and from SharePoint collaboration software (on-prem or in cloud).
- Virtual File System, including virtual folders and granular permissions with SFTP user groups.
- Remote agent for hybrid and flexible deployments in Linux and Windows environments, including automatic streaming compression and full symbolic link support.
- Browsable partner test results: simplified administrator validation for configurations with sortable file size and modified date details.
- Support Ticket: easier log file gathering for fast, accurate error diagnostics.
If you have questions, please reach out to schedule a discussion and quick demonstration of Diplomat MFT. Or you can take Diplomat MFT for a free 15-day test drive with no obligations.
CASE STUDIES & WHITE PAPERS

- Customer: Molina Healthcare. Coviant product: Diplomat MFT Enterprise Edition.
- Customer: Christus Health. Coviant product: Diplomat MFT Enterprise Edition.
- Customer: Mass General Brigham. Diplomat MFT Enterprise Edition.
Your Plan of Action to ensure File Transfer Security
Using Diplomat MFT as a solution for file transfer security, HIPAA/HITECH, GDPR and PCI/DSS requirements.
How to Comply with HIPAA / HITECH
Find out how to comply with The Health Insurance Portability and Accountability Act (HIPAA) and HITECH.
When Data Loss Prevention Is Not Enough
How you can use an MFT solution to reduce your business risk from high-risk network traffic identified by DLP monitoring.
FREQUENTLY ASKED QUESTIONS
What is HIPAA compliant software?
Technically, there is no such thing. HIPAA compliance applies to organizations that collect and manage protected health information (PHI) and not software. However, tools like Coviant Software’s Diplomat MFT secure managed file transfer software can help organizations keep PHI safe during transfers as a vital part of a HIPAA compliance program.
How do I know if something is HIPAA compliant?
What information is considered protected health information (PHI)?
Protected health information (PHI) is any data or information associated with individuals that relates to their personal health status and is created, collected, stored, managed, maintained, and/or moved by a covered entity as defined by HIPAA.
How does Diplomat MFT help ensure files are sent to the right place?
When Diplomat MFT uploads a file, the encrypted protocol provides integrity checking of data packets, so it knows that the file arrived unmodified at its destination. We can further enhance that by encrypting the file before it is sent to the recipient, ensuring that it is both encrypted only for that recipient, and that we digitally signed the file so the recipient verifies the sender and that the file has not changed.
Once a file is delivered to a recipient, it is completely out of our control. But Diplomat MFT keeps both audit records and copies of the files in archive to protect the sender if the recipient alters the contents of the file (intentionally or accidentally). By cross-referencing Diplomat MFT archived data, the sender can protect itself by proving what was delivered.
Does Diplomat MFT protect PHI when mobile devices are used to share them?
Diplomat MFT is not (yet) a mobile application. However, if mobile devices are used for sending data to IT systems in a hospital, medical lab, dentist office, or other healthcare environment, Diplomat MFT can play a role in automating file transfers from that point forward (or when bringing data from external sources into those IT systems).
HIPAA makes provision for sending PHI to patients who are not likely to have means of secure receipt or may not support encryption, provided the documents are protected to the point of receipt. Can Diplomat MFT do that?
Yes. Diplomat MFT encrypts files with OpenPGP and also encrypts transmissions using the SFTP (and also HTTPS and FTPS) protocol, so even if the recipient’s systems are not secure, the sender is able to comply with their part of HIPAA. What’s more, Diplomat MFT also supports secure fax by retrieving PDF files from back-end systems or via file share, and putting them into the proper location for the secure faxing software to take over.
What is a “covered entity” under HIPAA?
According to the U.S. Department of Health and Human Services (HHS), a covered entity under HIPAA is either a healthcare services provider (doctor, dentist, pharmacy, nursing home, etc.), health insurance provider (insurance companies, HMOs, employers, governmental agencies and organizations), or healthcare data clearinghouse that create, collect, store, manage, or transmit protected health information (PHI).
What are the 3 rules of HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) includes three rules for protecting protected health information (PHI) and keeping patient privacy safe. The Three Rules of HIPAA are:
- HIPAA Privacy Rule, outlines standards for processes to keep patient privacy and PHI safe;
- HIPAA Security Rule, outlines technical requirements for systems used to store, move, and manage PHI; and,
- HIPAA Breach Notification Rule, outlines steps an organization must take to notify authorities and patients in the event that PHI is compromised.
What is HIPAA HITECH?
In 2009 the Health Information Technology for Economic and Clinical Health (HITECH) Act was enacted as part of the American Recovery and Reinvestment Act of 2009. The goal of HITECH was to complement HIPAA and incentivize the healthcare industry to adopt technologies that would enable faster, more efficient sharing and processing of digital patient information. HITECH also addressed the need for secure storage and transmission of sensitive patient data. That is why the HITECH Act includes data security and privacy protection requirements, along with criminal enforcement provisions and mandatory disclosures for data breaches affecting protected health information (PHI).
Average cost of a healthcare data breach: $10.93 Million (IBM-Ponemon Institute Cost of a Data Breach Report 2023)
Are HIPAA and HITECH the Same Thing?
Although HIPAA (1996) and HITECH (2009) are two distinct laws, they are complementary in nature. And while it is proper to refer to HIPAA-HITECH, when mentioning HIPAA, the HITECH Act is typically implied as being included.
How does Diplomat MFT help clarify issues of data provenance when information is transferred and stored in a third-party cloud service like AWS, Google Cloud, and Azure?
Data provenance (also known as data ownership or stewardship) is especially important for maintaining compliance with regulations like GDPR, where data created within one country cannot leave those borders. Cloud services, like AWS and Azure, provide features and controls around the location of data that is stored, but care must be taken to ensure misconfigurations don’t result in data being sent to the wrong place and that other connected systems aren’t taking data and moving it where it should not be. That’s why Diplomat MFT with workflow and encryption automation is important to minimize the opportunity for human error as part of a security and compliance strategy for regulations like HIPAA, GDPR, PIPEDA, etc.

WHAT OUR CUSTOMERS SAY
G2 is the largest and most trusted software marketplace. More than 90 million people annually, including employees at all Fortune 500 companies, use G2 to make smarter software decisions based on authentic peer reviews.
Diplomat MFT has been a powerful workhorse for all of our enterprise file exchange for many years. No other enterprise application we use comes with the same level of support we receive from Coviant.
Extremely robust platform for managing our enterprise file transactions. Every upgrade provides us with additional useful tools to streamline our business processes.
I find the sftp file transfers to be the most helpful tool of Diplomat MFT. No need for programming, the interface is customized already and users only need to fill in the boxes.
The support is fantastic. I had to contact them on a few occasions – as it turns out, not for issues with Diplomat MFT but issues with one of the FTP partners. Coviant support stuck with me and went above and beyond to troubleshoot and figure out the issue.
The interface and GUI are very straightforward. The options are simple and labeled so anyone can understand how to set up and configure. The ability to test something without actually sending something is also beneficial.
I implemented Diplomat Manager File transfer as a way to enable SFTP communications with business partners. It was a year ago. I did not know anything about Diplomat MFT. However, a very knowledgeable colleague suggested I try it as a lot of his customers are using this software. I like the simplicity of setup, excellent reporting capabilities.
We love the seamless user experience, streamlining diplomatic tasks and enhancing efficiency. Diplomat Managed File Transfer is generally praised for its secure and efficient file transfer capabilities, user-friendly interface, and robust features that cater to the needs of businesses requiring reliable data exchange.
Diplomat MFT is excellent at automating SFTP and PGP and comes at a great price! Diplomat MFT is easy to learn and quite powerful in setting up automated file transfer workflows. But it is not complex at all. And the price cannot be beat! We do not have a lot of transfer jobs, but they are very important to our business and I trust Diplomat MFT to get the job done right.