Secure File Transfer for Healthcare — SFTP and AS2 with Audit Logging
File Transfer for Healthcare
Section titled “File Transfer for Healthcare”Healthcare organizations exchange files that require strict controls: clinical data, insurance claims, credentialing documents, lab results. These must be encrypted in transit and at rest, delivered reliably, and traced for compliance evidence.
Healthcare file transfer requirements
Section titled “Healthcare file transfer requirements”PHI protection: files containing patient health information must be encrypted. Xferity integrates PGP encryption into the transfer flow so encryption is not a manual step that can be skipped.
AS2 for clearinghouse exchange: many healthcare clearinghouses and payers require AS2 with signed and encrypted messages and MDN receipts. Xferity supports AS2 with Postgres-backed message persistence for full MDN audit trails.
SFTP for provider-to-payer exchange: SFTP remains common for clinical data exchanges where a payer or lab provides an SFTP endpoint. Xferity enforces SSH host verification rather than accepting any server key.
Audit evidence for HIPAA: Xferity’s audit records document who transferred what file and when, with optional tamper-evident hash chaining. Records can be exported to external retention systems.
What Xferity provides
Section titled “What Xferity provides”- PGP encryption integrated into flows, not an external manual process
- AS2 with signed, encrypted messages and MDN receipt records
- SFTP with enforced host key verification
- audit logging with file lifecycle records
- security posture monitoring to detect when crypto configurations drift