The document is rather general. Also it does not define any requirements for applications. It just implies the requirement for protocols. When you want to use WinSCP, I suppose that you already have SSH server to connect to, which meets HIPAA. That's all you need. If the server meets HIPAA, than the protocols it implements meet HIPAA. And if you are able to connect to such server with WinSCP, it means that WinSCP supports HIPPA allowed protocols and so it meets HIPAA too. Am I right?
I have not found SSH in chapter "Software-based encryption", but I suppose that the lists is only an example.
Reply with quote