Skip to main content
Skip table of contents

HIPAA Compliance Policy


At Thru, we are committed to ensuring the privacy and security of protected health information (PHI) in full compliance with the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations.

As a Managed File Transfer vendor, we provide secure file transfer solutions to covered entities and business associates in the healthcare industry. This policy outlines our approach to maintaining HIPAA compliance.

Access Controls and Auditing

Our MFT solution implements robust access controls, including role-based access, multi-factor authentication, and detailed audit trails to monitor and prevent unauthorized access to PHI.

Data Encryption

All PHI data transferred through our MFT solution is encrypted in transit and at rest using HIPAA-compliant encryption algorithms and key strengths (e.g., AES-256).

Secure Transfer Protocols

Our MFT solution supports secure file transfer protocols such as SFTP, FTPS, and HTTPS to ensure the confidentiality and integrity of PHI during transfer.

Incident Response and Breach Notification

We maintain documented procedures for identifying, responding to, and reporting any security incidents or potential breaches involving PHI in accordance with HIPAA's Breach Notification Rule.

Risk Management and Assessments

We conduct regular risk assessments to identify potential vulnerabilities and implement appropriate safeguards to mitigate risks to the confidentiality, integrity, and availability of PHI.

Workforce Training and Awareness

All employees receive regular HIPAA training to ensure awareness and adherence to PHI privacy and security practices.

Policies and Procedures

We maintain comprehensive policies and procedures to govern all aspects of HIPAA compliance, including PHI handling, security incident response, and workforce training.

Compliance Audits and Monitoring

We regularly monitor and audit our HIPAA compliance through internal assessments and third-party audits or certifications.


We review and update this policy periodically to ensure ongoing compliance with HIPAA and other applicable privacy and security regulations.

For any HIPAA-related inquiries or concerns, please contact our Privacy Officer at

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.