Question: Our staffers want to use file transfer protocol (FTP) to send patients' confidential information back to the office when they're working from home. Can we do this without violating the privacy or security rules? Alaska Subscriber Answer: "Yes," says security specialist Ali Pabrai, CEO and co-founder of HIPAA Academy.net in Chicago. But that doesn't mean it's a safe practice, he warns. FTP is a widely used method of moving files from one system to another over the Internet, but it is loaded with security risks, Pabrai asserts. "Information sent via FTP is sent in clear text -- anyone can read it," whether the file is in transit or at rest, he explains. Better idea: If your staff needs to send information back to the office, instruct them to use encrypted e-mail instead.