Question: Our staffers want to use file transfer protocol (FTP) to send patients- confidential information back to the office when they-re working from home. Can we do this without violating the privacy or security rules? Alaska Subscriber Answer: Yes, you can use FTP to send patients- confidential information, but it is not without problems. FTP is a widely used method of moving files from one system to another over the Internet, but it is loaded with security risks. Information sent via FTP is sent in clear text -- anyone can read it whether the file is in transit or at rest. Better idea: If your staff needs to send information back to the office, instruct them to use encrypted e-mail instead. And if you cannot afford to equip each workstation with encryption, make staffers save their work to a portable disk. That way, you can control who sees the information and how it is disposed of. Bottom line: Although FTP is not banned by either the privacy or security rules, you can't just send your patients- protected health information (PHI) into the world without protection. Tip: Work with your tech team to develop a policy on how your staff can transmit PHI from home. A virtual private network (VPN) is a good option.