The document is rather general. Also it does not define any requirements for applications. It just implies the requirement for protocols. When you want to use WinSCP, I suppose that you already have SSH server to connect to, which meets HIPAA. That's all you need. If the server meets HIPAA, than the protocols it implements meet HIPAA. And if you are able to connect to such server with WinSCP, it means that WinSCP supports HIPPA allowed protocols and so it meets HIPAA too. Am I right?

I have not found SSH in chapter "Software-based encryption", but I suppose that the lists is only an example.

Take a look at the following link. It is the latest documentation I have been able to find on standards for encryption on this subject:

<invalid hyperlink removed by admin>

OK. Can someone point out significant "HIPAA requirements"?

HIPAA stands for the Health Information Privacy ans Accountability Act. It sets a minimum standard regarding the security of patient information. IF your product met HIPAA requirements, then hospitals that are "HIPAA Certified" could use your product.

What is HIPAA? And why should WinSCP meet its guidelines?

Please email your documentation that WinSCP meets HIPAA guidelines. I saw something for FTP but nothing for WinSCP.

Thank You