Healthcare Information Security

Cybersecurity News

PeaceHealth concentrates on file transfer security

- Consolidating and updating internal applications on a regular basis is common for healthcare organizations these days and ensuring data is private and secure should remain a primary focus during these projects. PeaceHealth, a non-profit healthcare organization that operates nine hospitals in the western U.S., has been using Globalscape as its file sharing solution for the last few years.

Though using a technology such as Globalscape, which offers enterprise file transfer software for healthcare providers, has helped merge the different file transfer methods across PeaceHealth, there are security benefits as well. All of Peace Health’s projects have a vetting process that they go through where the exchange of specific patient data needs to be approved by either legal or the security team. And it requires that anyone it exchanges data with use some form of file transfer that’s going to either encrypt or protect that data as it’s delivered to the external location. Globalscape can offer security support such as FIPS 140-2 certified encryption.

Matt Quirk, Senior Interface Systems Analyst at PeaceHealth, explained that there was a list of specific security protocols that were identified and required by the organization before using a file sharing product.

The protocols we use most often are Secure File Transfer ProtocolĀ (SFTP) and we use File Transfer Protocol (FTP) over SSL, with or without PGP encryption. And we do HTTPS as well. We use FTP regularly for limited, internal-only transfers, as we don’t go outside of our intranet with the regular FTP.

  • Latest Round of OCR HIPAA Audits Not a Reason for Panic
  • Malware Most Common Smart Hospital Data Security Threat
  • Patient privacy questions pop up at health-screening kiosks
  • Unauthorized PHI Access at Ohio Hospital Affects 300 Patients
  • Potential Data Breaches From Break-in, Computer Glitch
  • Potential Health Data Breach for Hawaii Office
  • Kaiser Permanente, Surefile still at odds over ePHI security debate
  • BCBS Mich. Employee Stole Patients’ Personal Information
  • UC Irvine Health Data Breach Affects 4,800 Patients
  • Calculating mental health data exposure ramifications
  • Prime Healthcare, OCR agree to $275K data breach resolution
  • How HIPAA Compliance Can Help Against Ransomware Attacks
  • Healthcare Cloud Adoption Slow Due to HIPAA, Survey Finds
  • Supreme Court Dismisses Medical Identity Theft Lawsuit
  • How Secure was National Cybersecurity Awareness Month?
  • Mobile Security Strategies for Common Provider Concerns
  • Over 1,000 notified of missing thumb drive, patient data
  • Small organizations’ steps toward 2014 HIPAA audit readiness
  • Redspin service combines HIPAA and PCI DSS analyses
  • Why HIPAA Technical Safeguards Alone Are Not Enough
  • St. Mary’s Janesville Hospital reports health data breach
  • Healthcare data breach prevention: Taking a preemptive stand
  • Embracing Healthcare Cloud, Virtualization Security Services
  • Telemedicine rising in popularity along with security risks
  • Anthem Health Data Breach Could Compromise PII of 80M
  • Optimizing Healthcare Cloud Security, Virtualization
  • Sutter lawsuit plaintiffs plan to go to Calif. Supreme Court
  • HHS and OCR announce HIPAA awareness campaign
  • Does HIPAA Compliance Give A False Sense of Security?
  • Do Healthcare Data Breach Lawsuits Have Reasonable Standards?
  • Micky Tripathi discusses accounting of disclosures wrap-up
  • Health Data Privacy Top Concern on ONC Roadmap Comments
  • Patient data breach at Washington University School of Medicine
  • McLean Hospital Reports Health Data Breach, Affects 12,600
  • VA Cybersecurity Vulnerabilities Still Exist, Says GAO
  • Utilizing Healthcare Authentication for Stronger Data Security
  • White House Finds HHS Strengthening Cybersecurity Measures
  • Healthcare warming to Google Glass, privacy questions remain
  • NIST Common Security Framework implementation tiers
  • Broward Health sends 960 patient breach notification letters
  • How an accountable care CIO handles mHealth security
  • HHS Funding to Combat Rising Healthcare Cybersecurity Issues
  • Patient data de-identification: Keeping data private and useful
  • What will Texas Office 365 deal mean for healthcare security?
  • NIST Releases Secure Mobile Application Guide
  • Data Breach in Texas Compromises Personal Information
  • Calif. fines Prime Healthcare for patient privacy breach
  • ONC Releases Electronic Health IT Privacy, Security Guide
  • Healthcare BYOD security: Don’t block it, control it
  • NIST to host Cybersecurity Framework workshop
  • Secure Messaging Increases 30% from 2013-14, ONC Says
  • Calif. Psychiatrist Reports Health Data Breach, PHI Theft
  • Viewing cross-industry data breaches with a healthcare lens
  • Is There an Ethical Obligation for Health Data Sharing?
  • Are Business Associates Unprepared in Health Data Protection?
  • Maintaining Patient Data Privacy, Security in Data Sharing
  • PHI ‘Mishandling’ by Montana VA Leads to Possible Data Breach
  • Why Strong Health Insurance Exchange Security is Needed
  • Boston Medical Center May Face Healthcare Data Breach Lawsuit
  • Which States Have a Data Breach Notification Law?
  • Protect Healthcare Data with User Training, Secure Systems
  • Breaking Down the HIPAA Risk Assessment
  • Molina Healthcare PHI Data Breach May Cause Identity Theft
  • VA motions for patient data breach case dismissal
  • How would national data breach policies affect healthcare?
  • OIG to Focus on HHS Information Security, Penetration Testing
  • How Has Medical Device Security Evolved?
  • EHR Association provides Stage 2 Meaningful Use security tips
  • Increased Sharing Puts Healthcare Data Integrity at Risk
  • Omnicell data breach suit dismissal: Healthcare ramifications
  • Healthcare Data Breaches Put PHI at Risk in Calif. and Ind.
  • Anthem Data Breach May Impact 8.8 to 18.8M Non-Customers
  • Riderwood physical therapy notifies patients of data breach
  • Ark. BCBS Sends Data Breach Notification After Computer Theft
  • What Lessons Can be learned from Recent Health Data Breaches?
  • AHA Discusses Mental Health Legislation, HIPAA Regulations
  • Why doesn’t healthcare attract more IT security pros?
  • Kentucky auditor makes case for data breach notification law
  • Why Healthcare Cybersecurity is a Risk Management Issue
  • Determining Whether a HIPAA Data Breach Occurred
  • Healthcare Authentication Factors: Breaking Down HIPAA
  • Cybersecurity Risk Management Focus in HITRUST Catalogue
  • HITRUST Works Toward Stronger Patient Privacy Methods
  • How Healthcare Malware Attacks are Evolving
  • Conn. Governor Signs Data Breach Security Bill into Law
  • Why Businesses Must Adhere to FTC Act and HIPAA Privacy Rule
  • Top Tips for Mobile Device Security
  • Potential CalOptima PHI Data Breach Affects 56K Members
  • Securing the health public and private cloud platform bridge
  • Mich. Health Dept. reveals 2,595-patient data breach
  • WEDI still working with small providers on HIPAA compliance
  • Lawrence Melrose Medical Electronic Record reports data breach
  • Latest OCR HIPAA Settlement Highlights BAA Importance
  • Virginia Mason Patient Data Privacy Breach Leads to Lawsuit
  • Five healthcare information security education programs
  • GOP: security still not strong enough
  • Top 5 Healthcare Data Breaches in 2016 Not From Hacking
  • PHI Security Compromised in Healthcare Data Breaches
  • Mapping out a health IT director’s security responsibilities
  • University of Florida reports patient identity theft ring
  • Karl Skoog, Development Manager atĀ PeaceHealth who takes care of interface work, Web development, data extracts and secure file transfer within the organization, explained that Globalscape had all the security protocols that PeaceHealth needed. We had identified protocols that we had requests for previously and made sure that those were met by Globalscape. But making the balance between security and usability was important as well.

    We have a configuration in place where we have a server in the DMZ that communicates and interfaces with the Globalscape server internally. So there’s an extra layer of security that we have in place just with the hardware server configuration.

    Any new project that gets approved that has a file-sharing component of transferring data into or out of the PeaceHealth Network utilizes Globalscape, said Skoog. It also uses it in its reference lab because there are some lab clients that may have a smaller EMR system that don’t have HL7 interfaces and are file-based, they expect PeaceHealth to securely drop a file of lab results. “We use Globalscape to securely drop those lab results to the external clients,” Skoog said.

    James Bindseil, president of Globalscape, said that healthcare providers are generally looking for solutions to business problems, such as ensuring that they can move patient information between providers in an efficient and easy-to-use manner while maintaining compliance. “Providers are more worried about the treatments that they’re providing and saving and enriching lives than they are about any encryption mechanism,” he said. “They have the weight of federal regulations on them as well. Organizations need to be able to send and receive data without it residing in their demilitarized zone (DMZ).”


    SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

    HIPAA Compliance
    Data Breaches

    Our privacy policy

    no, thanks