SendThisFile is dedicated to providing industry leading security and regulatory compliance to its customers.

SendThisFile, Inc. and its partners comply with specialized regulatory requirements which our small, medium, Fortune 500 and Fortune 10 customers must meet. As such, SendThisFile, Inc. is able to provide a robust managed file transfer service to customers who must meet stringent data privacy and data security regulations.

SendThisFile is compliant with HIPAA, EU-US Privacy Shield, SAS 70 Type II, SSAE16, PCI DSS and FIPS 140-2.


Health Insurance Portability and Accountability Act of 1996 (HIPAA)

The U.S. Department of Health and Human Services recognizes electronic file transfer as a legitimate method of moving individual health records between medical personnel and medical facilities. The file transfer service provided by SendThisFile, Inc. meets the electronic transmission requirements for these documents.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) omnibus final rule which was announced in January of 2013 and effective March of 2013, is based on statutory changes under the Health Information Technology for Economic and Clinical Health Act (HITECH), enacted as part of the American Recovery and Reinvestment Act of 2009 (ARRA) and the Genetic Information Nondiscrimination Act of 2008 (GINA).

The HIPAA omnibus final rule narrowed the “conduit exception” for Business Associate agreements. However, it still recognizes courier services such as the USPS, UPS and their electronic equivalents as exceptions to the Business Associate agreement requirement. A key determinant in meeting or not meeting the conduit exception is the “transient versus persistent nature” of the service offered.

If your firm requires a Business Associates Agreement, please let us know by contacting us at and we will provide our standard Business Associates Agreement for your review. Our Business Associate Agreement is available for our Enterprise level plans.


Statement on Auditing Standards No. 70 (SAS 70)

SendThisFile utilizes Data Centers that have passed a Statement on Auditing Standards (SAS) No. 70 Type II audit conducted by a third party.


Statement on Standards for Attestation Engagements No. 16 (SSAE16)

SendThisFile utilizes data centers that have met the requirements of the Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization.



SendThisFile meets Payment Card Industry Data Security Standard (PCI DSS) version 2.0. PCI DSS version 2.0 is the global data security standard that any business of any size must adhere to in order to accept payment cards, and to store, process, and/or transmit cardholder data. The standard includes 12 requirements for any business that stores, processes or transmits payment cardholder data. These requirements specify the framework for a secure payments environment.

For more information regarding PCI DSS visit


Federal Information Processing Standards (FIPS) 140-2

Federal Information Processing Standards Manual 140 covers the security measures used within software modules. File uploads and downloads on SendThisFile involve a browser at the upload end, a Java module on the SendThisFile server, and a browser on the download end.

  • Microsoft Internet Explorer browser is FIPS 140-2 compliant. If both the sender and the recipient are using Microsoft Internet Explorer browsers, the transfer will be conducted using FIPS 140-2 compliant modules.
  • Mozilla’s FireFox browser is FIPS 140-2 compliant, when configured by the user.
  • SendThisFile also utilizes Java JCE and Java JSSE on its servers, which are FIPS 140-2 compliant.


SendThisFile Personnel

SendThisFile, Inc. has provided enterprise level solutions longer than any other firm in the managed file transfer industry. We serve Federal military, business and nuclear agencies, international stock market and financial reporting firms, global banks and hospitals. SendThisFile restricts the number of employees who have access to customer data to a small, highly-vetted group, along with secure login procedures.