Secure File Transfer Protocol (SFTP), a component of the Secure Shell (SSH) protocol, is useful in maintaining compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). SFTP uses encryption and cryptographic hash functions to protect information from unintended viewing or theft, and is considered a best practice for sending files securely.
Like other standard protocols and technologies that are deployed to maintain HIPAA-compliant security, SFTP is not specifically required by the agency that regulates HIPAA, the Department of Health and Human Services (HHS). (HHS regulates the law flexibly, allowing organizations to make their own specific decisions on means.) While you certainly do not have to use SFTP in order to stay compliant, it is a standard and straightforward way to meet the need for secure HIPAA file transfer.