Capario Secure File Transfer User Guide
Notices This user guide (the Guide ) is provided by Capario in order to facilitate your use of the Capario Secure File Transfer Software. This Guide is subject to change without notice. Capario retains all rights with respect to the Guide and the Secure File Transfer Software. Your right to use this Guide and the Capario Secure File Transfer Software is subject to the Capario Terms of Use found at www.capario.com, including, but not limited to, the warranty disclaimers contained therein. In addition, your use may be subject to other terms and conditions as agreed upon between you and Capario. All content included in this Guide, including trade names or marks, service names or marks, text and graphics (collectively the Content ) and the selection and arrangement thereof, are the sole and exclusive property of Capario or its suppliers. However, you are free to view, copy, print, and distribute the Content as long as: The Content is used for information purposes only. The Content is used for non-commercial purposes only within your organization in support of Capario products. The Content is not distributed in any form to any third party. Copies of the Content include all Capario s copyright or other proprietary notices. Except as specified above, nothing contained herein shall be construed as conferring by implication, estoppel or otherwise any license or right under any patent, trademark or copyright of Capario or any third party. THE CONTENT IN THIS GUIDE IS THE PROPRIETARY PROPERTY OF CAPARIO AND/OR ITS SUPPLIERS AND IS PROTECTED BY U.S. AND INTERNATIONAL COPYRIGHT AND OTHER INTELLECTUAL PROPERTY LAWS. EXCEPT AS SPECIFICALLY PERMITTED HEREIN, YOU AGREE NOT TO DUPLICATE, TRANSLATE, PUBLISH, DISTRIBUTE, MODIFY, EXTRACT DATA FROM, OR OTHERWISE COMMERCIALLY EXPLOIT ANY CONTENT. All contents in this Guide are: Copyright 2009 Capario Inc. or its licensors. All rights reserved. Capario respects the intellectual property of others, and we ask you to do the same. If you believe some Content in this Guide has been copied in such as way to constitute copyright infringement, please contact Capario via email at mailto:custsupport@capario.com Revision Date: March 2, 2009 (re branded to Capario) Page 2 of 26
Table of Contents Overview... 4 Capario's Secure File Transfer Software... 4 Name Change... 4 How Capario SFT Software Works... 4 Security... 4 Features and Functions of Capario s SFT Software... 5 Getting Started... 6 How to Obtain Capario SFT Software... 6 System Requirements... 7 How to Obtain Java Runtime Environment... 7 Installing Capario's SFT Software... 9 How to obtain a Capario SFT Software Account... 9 Capario s SFT Software Commands... 10 Capario SFT Software Client Help... 10 Changing your Password... 12 Changing your Password- Continued... 13 Display Share Folders on the Server... 14 Upload Files to the Server... 15 Display your Files on the Server... 17 Download Files from the Server... 18 Download ERA Files from the Server... 20 Replacing Standard FTP with Capario SFT Software... 21 Scripting... 21 Password Management... 22 Set-up Password... 22 Password Expiration... 22 Password 'Lock-Out'... 23 Reports... 24 ERAs... 25 Delivery Conventions... 25 Error Codes... 26 Page 3 of 26
Overview Capario's Secure File Transfer Software In response to the HIPAA Privacy Rule, Capario has migrated all direct FTP Internet submitters to an encrypted connectivity method. As you know, Capario trades production Protected Health Information (PHI) with submitters, payers, and vendors via the FTP protocol over the Internet. To protect our customer s electronic health information from inappropriate disclosure and misuse, Capario has implemented the Capario Secure File Transfer Software (MSFT) as a secure alternative to FTP. The Capario SFT software enables customers to send and receive files with Capario over the Internet with Secure Sockets Layer (SSL) encryption technology and is provided by Capario free of charge. Customers will simply install the MSFT software client on their local workstation or server. Capario account managers will be contacting all customers to begin this migration. Name Change When ProxyMed became Capario on December 5, 2005 the product name for ProxyMed SFT (PMSFT) was changed to Capario SFT (MSFT). That name change, for this product, is reflected in this document. For now, however, the server name, file names and directory structure did not change. As shown in this document these all remain as pmsft. How Capario SFT Software Works Capario s SFT software has two components; a client and server piece. Our Customers will install the Java based client piece onto their workstation or network server and then connect to Capario s SFT server. With the Capario SFT software, file transfers can be scripted, just like regular FTP. If you are a current FTP user you will have the same subdirectories on the Capario SFT server. This means that accounts on the new Capario SFT server should be configured with the same information that currently exists on the FTP server. As account managers work with customers to migrate to this software, implementation staff will be called upon to configure accounts on the Capario SFT server. Security Secure Sockets Layer (SSL) technology is used to encrypt traffic between the Capario SFT software client and Capario s SFT server. Once users log into the server with a user ID and password they are enabled to manage their passwords, which includes: Changing their password Configuring their password to expire Setting-up notification, via email, of pending password expiration Configuring 'lock out' based on a selected number of unsuccessful login attempts Page 4 of 26
Features and Functions of Capario s SFT Software The Capario Secure File Transfer Software replaces unsecured standard FTP protocol. In addition allows customers to: Securely send PHI to Capario via the Internet, private lines, or dial-up. Securely receive PHI from Capario. Maintain confidentiality and privacy by ensuring that production PHI is encrypted as it is transmitted across the Internet. Maintain integrity by ensuring that PHI is not modified as it is transmitted across the Internet. Ensure that production PHI has proper access control and authentication. Page 5 of 26
Getting Started How to Obtain Capario SFT Software The Capario SFT software is available, via download, at no charge. The Capario download center can be reached via the Capario web site, see steps below, or follow this link: http://www.capario.com/resource_center.html Click on Capario SFT Application Page 6 of 26
System Requirements Minimum system requirements for Capario SFT software Any of the following operating systems: Windows XP, 2000 (sp2+), ME, NT (sp5+), 98, or 95b (Winsock 2.0) Solaris Operating Environment Linux OS on Intel Mac OS X Java version 1.4.2_02 and above. (Note: Capario SFT is not compatible with Java 1.3.X or 1.4.2_01) An Internet connection that allows outbound connections to tcp/1023 How to Obtain Java Runtime Environment To determine the version and/or the existence of Java installed on your computer, open a command prompt and type: java -version. Note: there is a space following java. If Java is not installed, or if you need to update your version, you can obtain the correct Java Run Time Environment for free. Follow these steps: Go to: http://www.java.com Free Download Locate the Free Download box and click on Get It Now Page 7 of 26
Installation Agreement From this point you will either be prompted to download and install a new version of the Java Runtime Environment or your current version will automatically be updated. To install, review and click Yes. Note this screen may change as Sun updates their versions. Installer Installation screen shows download progress. Once the Java file is downloaded, follow all additional screen prompts to complete installation of the current Java Runtime Environment. Page 8 of 26
Installing Capario's SFT Software Capario will send you the Secure File Transfer software in a compressed file. These set-up and configuration steps are the basis for all examples shown in this User Guide. Create a new folder C:\pmsft\ Installation and Configuration Copy MSFT compressed file into pmsft folder and unzip Capario s SFT server address is: pmsft.proxymed.com:1023 Examples in this User Guide User ID Passwords scodon userpa$$1 and $pain2003 Folders on the client: As part of the implementation we recommend that current Capario FTP customers and new customers adopt the following directory structure: Claim files to be located in the directory: C:\pmsft\claims Report files to be located in the directory: C:\pmsft\reports Network installation, of course, will use their directory locations. Folders on Capario s SFT server: How to obtain a Capario SFT Software Account Reports and Claims To obtain a secure file transfer account, contact your Capario representative. In most cases, your Capario SFT software account will be the same as your current FTP account, however, with Capario SFT software, you set your own password. Page 9 of 26
Capario s SFT Software Commands Capario SFT Software Client Help Open a Command Prompt Change directories to C:\pmsft directory Type: java -jar filetransfer.jar help Help Screen Syntax and definitions shown here. Page 10 of 26
PMSFT Software Commands The following are five commonly used MSFT commands. For the commands below C:\PMSFT> represents the local, working, PMSFT directory. Note there is one (1) space between java and -jar and between each argument. C:\PMSFT>java -jar filetransfer.jar changepassword pmsft.proxymed.com:1023 <User> <OldPass> <NewPass> C:\PMSFT>java -jar filetransfer.jar queryshares pmsft.proxymed.com:1023 <User> <Pass> C:\PMSFT>java -jar filetransfer.jar queryfiles pmsft.proxymed.com:1023 <User> <Pass> <Share> <FileMask> C:\PMSFT>java -jar filetransfer.jar sendfiles pmsft.proxymed.com:1023 <User> <Pass> <Share> <SourceDir> <FileMask> <True or False> Using True will move files from your local directory to the Capario SFT server Using False will copy files from your local directory to the Capario SFT server C:\PMSFT>java -jar filetransfer.jar retrievefiles pmsft.proxymed.com:1023 <User> <Pass> <Share> <TargetDir> <FileMask> <True or False> Using True will move files from the Capario SFT server to your local directory Using False will copy files from the Capario SFT server to your local directory Command Guidelines for File Names, User IDs and Passwords For users running Microsoft Operating systems: File names, User IDs and Passwords that contain special characters should be entered using "double" quote marks. For users running UNIX Operating systems: File names, User IDs and Passwords that contain special characters should be entered using 'single' quote marks. For any operating system, file names can not contain any spaces. Command Parameters Defined IP Address The host address and port (use pmsft.proxymed.com:1023 ) User OldPass NewPass Pass Share SourceDir TargetDir FileMask Delete The unique user name on Capario's system. This is your eight (8) digit client ID. Use single quotes when entering your User Name. Used when creating a new password. Refers to password being changed. Use single quotes when entering a password. Used when creating a new password. Refers to the new password. Use single quotes when entering a password. The user's current password. Use single quotes when entering a password. This is the key to a folder on Capario's system (example Claims). Path to the file upload folder on your local computer. Path to the file download folder on your local computer. See 'Command Guidelines for File Names, User IDs and Passwords' above. True or False to indicate whether to delete source file(s). Page 11 of 26
Changing your Password Capario s SFT Password Guidelines The Capario s SFT site requires a password to authenticate each File Transfer User ID for access to Capario's network. Passwords are case sensitive and must: Consist of 8-15 characters Contain at least 4 letters Contain at least 4 non-alphanumeric characters or numbers. See below for acceptable non-alphanumeric characters. Acceptable non-alphanumeric characters are:! # $ % & ( ) +, -. / : <? @ > = _ ~ Note the following when creating your password. Passwords: Cannot be the same as the Practice ID Cannot include spaces or CTRL Character Cannot include these characters: " ' * ; [ ] \ ^ ` { } Page 12 of 26
Changing your Password- Continued To change your password, navigate to the pmsft directory. The command prompt will be: C:\PMSFT> Type the change password command based on this syntax: java -jar filetransfer.jar changepassword pmsft.proxymed.com:1023 scodon "userpa$$1" "$pain2003" Where: scodon = ClientID, userpa$$1 = Old Password, $pain2003 = new password In this example the password is being changed from userpa$$1 to $pain2003. Note: Double quotes are not part of password. See page 11 regarding double quotes for users of Microsoft Operating systems. System responded with: Page 13 of 26
Display Share Folders on the Server To display your shares (folders) on the MSFT server, navigate to C:\pmsft directory The command prompt will be: C:\PMSFT> Type the queryshares command based on this syntax: java -jar filetransfer.jar queryshares pmsft.proxymed.com:1023 scodon "$pain2003" Where scodon= User ID and $pain2003 = password System will respond with: Page 14 of 26
Upload Files to the Server To upload files by MOVING them to the MSFT server, navigate to C:\pmsft. The command prompt will be: C:\PMSFT> Type this sendfiles command based on this syntax: java -jar filetransfer.jar sendfiles pmsft.proxymed.com:1023 scodon "$pain2003" claims c:\pmsft\claims "*.clm" true Where scodon= User ID, $pain2003 = password In this example we are uploading local claim files from c:\pmsft\claims\*.clm to the claims folder on the server and deleting the claim files on the local computer. (i.e. we moved the files) System will respond with: Page 15 of 26
To upload files by COPYING them to the MSFT server, navigate to C:\pmsft. The command prompt will be: C:\PMSFT> Type this sendfiles command based on this syntax: java -jar filetransfer.jar sendfiles pmsft.proxymed.com:1023 scodon "$pain2003" claims c:\pmsft\claims "*.clm" false Where scodon= User ID, $pain2003 = password In this example we are uploading local claim files from c:\pmsft\claims\*.clm to the claims folder on the server and leaving a copy of the file on the local computer. (i.e. we copied the file) System will respond with: Page 16 of 26
Display your Files on the Server To display files in a particular folder on the Capario SFT server, navigate to C:\pmsft directory The command prompt will be: C:\PMSFT> Type this queryfiles command based on this syntax: java -jar filetransfer.jar queryfiles pmsft.proxymed.com:1023 scodon "$pain2003" claims "*.clm" Where scodon= User ID, $pain2003 = password, claims = Folder on the PMSFT sever. *.clm = claim files Since this is a test account we are viewing recently uploaded claim files. You would probably modify this command to view available report files on the Capario SFT server. In this example we are searching for all.clm files in the PMSFT claims folder. System will respond with: Page 17 of 26
Download Files from the Server To download files by MOVING them from the Capario SFT server, navigate to C:\pmsft. The command prompt will be: C:\PMSFT> Type this retrievefiles command based on this syntax: java -jar filetransfer.jar retrievefiles pmsft.proxymed.com:1023 scodon "$pain2003" reports c:\pmsft\reports "*" true Where: scodon= User ID, $pain2003 = password, "*"= files on the PMSFT server In this example we are downloading report files, using "*",to the local directory, c:\pmsft\reports, and deleting the files on the server. (i.e. we moved the files) System response: Since this is a test account, there were no files available for download Page 18 of 26
To download files by COPYING them from the Capario SFT server, navigate to C:\pmsft. The command prompt will be: C:\PMSFT> Type this retrievefiles command based on this syntax: java -jar filetransfer.jar retrievefiles pmsft.proxymed.com:1023 scodon "$pain2003" reports c:\pmsft\reports "*" false Where scodon= User ID, $pain2003 = password, "*"= files on the PMSFT server In this example we are downloading report files, using "*", to the local directory c:\pmsft\reports, and leaving a copy of the files on the server. (i.e. we copied the files) System will respond with: Since this is a test account, there were no files available for download Page 19 of 26
Download ERA Files from the Server If you are using Capario SFT to retrieve ERAs, the methods are same as for Reports. The difference is that Capario SFT will place ERAs in a separate directory. In addition you will need to designate your local ERA directory. To download ERA files by MOVING them from the Capario SFT server, use the following syntax from the C:\PMSFT prompt: java -jar filetransfer.jar retrievefiles pmsft.proxymed.com:1023 scodon "$pain2003" era c:\pmsft\era "*" true Where scodon= User ID, $pain2003 = password, "*"= files on the PMSFT server In this example we are downloading the files, "*", from the era folder to the local directory c:\pmsft\era and deleting the files on the server. (i.e. we moved the file) To download ERA files by COPYING them from the Capario SFT server, type the following command: java -jar filetransfer.jar retrievefiles pmsft.proxymed.com:1023 scodon "$pain2003" era c:\pmsft\era "*" false Where scodon= User ID, $pain2003 = password, "*"= files on the PMSFT server In this example we are downloading the files,"*", from the era folder to the local directory c:\pmsft\era and leaving the files on the server. (I.e. we copied the file). Page 20 of 26
Replacing Standard FTP with Capario SFT Software Scripting This section assumes that current FTP submitter customers have configured scripts to upload and download PHI files. A modified version of these scripts can be used to upload and download files using Capario SFT software. ftp -n -s:scriptfile.txt pmsft.proxymed.com:1023 user scodon $pain2003 put c:\claim1.clm /claims/claim1.clm get /reports/report.clm c:\reports\report.clm quit FTP Commands PMSFTS Commands Sample FTP command to connect to an FTP site Additional FTP script file to log in, upload to the claims share and download from the report share The following are Capario SFT software scripts used to 'put' or upload files and 'get' or retrieve files. MSFT software command to connect, log in and upload or 'put' claim files java -jar filetransfer.jar sendfiles pmsft.proxymed.com:1023 scodon "$pain2003" claims c:\claims1.clm False Where scodon= User ID, $pain2003= password MSFT software command to connect, log in and retrieve or 'get' report files java -jar filetransfer.jar retrievefiles pmsft.proxymed.com:1023 scodon pari$2003 reports c:\reports reports.clm False Where scodon= User ID, $pain2003= password Page 21 of 26
Password Management Set-up Password When the Capario administrator creates a new customer account, the password issued will be for 'one-time' use only which will force the user to change their password the first time they enter the system. See "Changing Your Password" section above. Any attempted operation, other than changing your password, will result in the following screen: Password Expiration Capario strongly suggests that users schedule password expiration every 30 days. The Capario SFT software application provides a user managed tool that will automatically remind the user, via email, that a password is about to expire. This automatic password notification can be set to send an alert any number of days before the password expires. Page 22 of 26
Password 'Lock-Out' As an added security feature, user accounts can be configured to 'lock-out' after a specified number of unsuccessful log-in attempts. Once an account is locked out, the user must contact Capario to unlock it. Here is a 'lock-out' message: The Capario Secure File Transfer account for user id scodon has been locked due to repeated failed attempts to access the account. Please contact a Capario Customer Advocacy representative to resolve this issue. We are sorry for the inconvenience. If you have a script configured with the correct password, and your account gets locked out, this might be the result of malicious network activity. You should conduct an internal investigation to determine why your account was locked out. If your account is 'locked-out', you will get the following screen response for any attempted operation: Page 23 of 26
Reports Reports delivered back to the Client will have the specific client identification attached to the front of the file name. Reports to be delivered back to the Client will have the client identification prefixed to the file name. The general format would be: <Client ID>.<CYYMMDDHHMISS>.<Extension>. Sample File Name: 99999999.20030523164439.rec where: CC YY MM DD HH MI SS rec Century Year Month as 2 digits with left zero if needed. For example March would be 03. Day of month Hour of the day Minute Second Report extension. Page 24 of 26
ERAs ERAs delivered back to the Client will have the specific client identification attached to the front of the file name, if not present during initial transfer. ERAs to be delivered back to the Client will have the client identification prefixed to the file name. Delivery Conventions The general format would be: <Client ID>.<CCYYMMDDHHMISS>.<Extension>. Sample File Name: 99999999.20030523164439.XXX where: CC YY MM DD HH MI SS XXX Century Year Month as 2 digits with left zero if needed. For example March would be 03. Day of month Hour of the day Minute Second ERA File name extension. It is assumed that all Capario SFT clients will both drop off and pick up files. Exceptions to this rule will require special arrangements, since HIPPA compliance may be affected. Page 25 of 26
Error Codes These are some of the common error codes used by the Capario SFT application, with a description. PMSFT Code 0 Command Succeeded 1 Command Unknown Description Wrong number of arguments. In this case the pmsft client was unable to parse the command 64 line to the correct number of arguments. A possible solution is to place double quotes around all command line arguments. 66 File(s) not found 67 Authentication failed or Server Denied Login 73 Unknown host 74 IO Exception 77 Path Access Error 120 Authentication failed or Server Denied Login 121 Password not changed 122 The account has been locked. User had more than 6 unsuccessful login attempts 123 Account requires password 131 Invalid Port 141 File Upload Failed to 142 File Download Failed to 160 Failed to Retrieve User 161 Failed to Retrieve File Page 26 of 26