SendThisFile utilizes data centers that have passed a Statement on Auditing Standard (SAS) No. 70 Type II audit conducted by a third party. A SAS 70 Type II audit uses an outside auditor to validate that the internal controls for a company conform to industry best practices. A successful audit signifies that the proper procedures, hardware, and software provide robust security for our servers and that proper data handling is being performed. We are proud of our SAS 70 type II data center status.
Our data centers have also met the requirements of the Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization. SSAE 16 effectively replaces SAS 70 as the authoritative guidance for reporting on service organizations. SSAE 16 was formally issued in April 2010 with an effective date of June 15, 2011.
The Health Insurance Portability and Accountability Act (HIPAA) specifies a series of administrative, physical, and technical safeguards for covered entities and their Business Associates to use to assure the confidentiality, integrity, and availability of electronic protected health information. The HIPAA omnibus final rule narrowed the “conduit exception” for Business Associate agreements. However, it still recognizes courier services such as the USPS, UPS and their electronic equivalents as exceptions to the Business Associate agreement requirement. A key determinant in meeting or not meeting the conduit exception is the “transient versus persistent nature” of the service offered. SendThisFile, Inc. is a secure file transfer service and not a file storage service. This service is transient in nature and therefore meets the conduit exception.
If your firm requires a Business Associates Agreement, please let us know by contacting us firstname.lastname@example.org and we will provide our standard Business Associates Agreement for your review. Our Business Associate Agreement is available for our Enterprise level plans.
Compliant File Transfer
If your business has rules and regulations for safeguarding data, a compliant file transfer is a necessity. To discuss your requirements in more detail, contact a email@example.com, or start out with a free plan today.