How do I provide a truly secure FTP site for my client to upload files with sensitive data (PHI - Personal Health Information, as referred to by HIPAA)?
Category: File Management
I currently only have a Launch account, but will upgrade as necessary to provide a secure FTP site. All I've used up to now is email, so I'm not even sure whether someone can upload a file to my site anyway, so I need to know how that works as well. I am wondering if your article saying to just running it through TLS or SSL to make it secure (like when using FileZilla) is enough?
Thanks for the question! If you are on a shared server, you cannot use secure FTP as it is not available. Technically, you can't share files in the manner that you are describing. You cannot use a shared server a as file repository - files would need to be linked and considered web content. See Bandwidth and Disk Usage in our Terms of Service for further detail.
However, it is possible to do this on a VPS/Dedicated server. You can setup the use of Secure FTP (SFTP) or Secure Copy Protocol (SCP) which will be the best ways to provide secure transfer. If you are going to be dealing with many gigabytes of data, then you may also want to consider using a Content Delivery Network as a dedicated server will have a limited amount of disk space and repeated access to files will affect server performance.
I hope that helps to provide you some relevant information. If you have any further questions or require further assistance, please leave another comment.
Like this Question? Tweet