Skip to main content

Security & Transmission

This guide outlines security requirements and best practices for transmitting sensitive data to Paytient.

Data Sensitivity Overview

Files transmitted to Paytient may contain sensitive information that requires protection under various regulations:

Protected Health Information (PHI)

Examples of PHI in transmitted files:

  • Service descriptions
  • Provider names
  • Medical claim details
  • Pharmacy information
note

This is a subset of information covered by HIPAA's PHI definition. For the complete list of 18 PHI identifiers, see the HHS guidance on PHI.

Regulatory Compliance: HIPAA (Health Insurance Portability and Accountability Act)

Personally Identifiable Information (PII)

Examples of PII in transmitted files:

  • Full names
  • Social Security Numbers (SSN)
  • Birth dates
  • Home addresses
  • Email addresses
  • Phone numbers
note

This is a subset of information considered PII. For more information on PII definitions and protection requirements, see the NIST Guide to Protecting PII.

Regulatory Compliance: Various state and federal privacy laws

Transmission Requirements

Transmission Methods

check_circle SFTP (Secure File Transfer Protocol) - Recommended

Upload files directly to your assigned folder at sftp.paytient.com

  • See SFTP Connection Setup Guide for detailed instructions
  • Uses SSH key authentication for maximum security
  • Files are encrypted in transit

Prohibited Transmission Methods

cancel Standard Email - Never use email for files containing PHI or PII

cancel Unencrypted FTP - Not secure enough for sensitive data

cancel Public Cloud Storage - Shared links (Dropbox, Google Drive, etc.) are not acceptable

Important

Because eligibility files contain Sensitive PII (Social Security Numbers and Birth Dates) and claims files contain Sensitive PHI (Service Descriptions and Provider Names), you must never send these files via standard email.

Your Responsibilities

  • Ensure data is accurate and properly formatted
  • Use only approved transmission methods
  • Maintain security of your SFTP credentials by storing them in a safe location such as a credential store or secure password manager, and limit access to those with a need to know
  • Follow internal security and compliance policies

Questions?

If you have questions about security requirements or need to discuss alternative transmission methods, contact your Paytient implementation team.

Related Documentation