HIPAA Compliance and Synology C2

Learn how Synology C2's secure infrastructure and privacy-focused design helps clients comply with HIPAA regulations.

A shared responsibility

Synology C2 platform is designed to ensure maximum security, confidentiality, and integrity for clients’ data, including protected health information in electronic form (ePHI). Healthcare operators can easily integrate C2’s data protection and auditing features into their HIPAA compliance strategy.1

Security and privacy

Security and privacy

Platform-wide and service-specific tools and settings to restrict ePHI access to authorized personnel.

Integrity and availability

Integrity and availability

Secure infrastructure design to minimize data loss and corruption risks and boost service availability.

Preventing unauthorized access

Synology C2 can be configured as a no-view service without reading access, eliminating the risk of uploaded patient data leaking into the wrong hands.

Each service in the Synology C2 ecosystem has one or more data protection mechanisms in place, such as end-to-end encryption, client-side encryption, or a combination of measures.

To learn more about how C2 services ensure complete ownership and control of ePHI, refer to the dedicated white paper for each service.

Preventing unauthorized access

Regulating and auditing access

Thoughtfully designed features enable close control over who has access to health data, both within the organization and while interacting with external parties.

Secure platform access

Access to all C2 services requires a valid Synology Account, which can be configured for maximum security with multi-factor authentication (MFA). Detailed login records simplify investigation when abnormal account activities occur.

Granular sharing settings

Limiting the circulation of ePHI helps reduce risks to data privacy. C2 offers tools such as password protection and expiration dates for share links, and C2 Transfer, designed for file transfers, requires user verification through one-time passwords.

Audit logging and reports

Detailed logs empower admins to investigate user actions including accessing, transferring, or downloading patient data. Reports generated on demand or sent periodically by email facilitate monitoring and evaluation.

Dependable infrastructure you can trust

All C2 data is stored in certified colocation data centers where single points of failure are eliminated through redundant, highly available infrastructure.

Physical safety

Physical safety

ISO 27001 and SOC 2 Type II certifications guarantee strict compliance with security procedures and physical safety measures, as well as monitoring of site access by staff.

Data ownership

Redundancy safeguards

Erasure coding technology helps maximize data redundancy while enabling detection and repair of corrupted data, isolating data from the threat of hardware failure.

Redundancy safeguards

Data ownership

With data centers located in Europe, Taiwan, and the US, Synology C2 allows clients to comply with local regulations, such as US and EU data residency requirements.

Learn more about security and privacy at Synology

Data security white papers

Learn in detail how Synology C2 solutions keep data safe from unauthorized access, ensuring total control over ePHI and other sensitive data.

Frequently Asked Questions

What is HIPAA?

What are the HIPAA rules?

What is a no-view service?

What is erasure coding?

What third-party compliance requirements does Synology C2 meet?

Does Synology C2 offer Business Associate Agreements (BAA)?

Sign up for the C2 newsletter

Register now to get the latest updates about C2 services, technical insights, activities, and events.

A Synology Account is required to join our mailing list. You can manage newsletter preferences with your Synology Account.

infoTo ensure you receive our newsletter, we will create a Synology Account for you using the email address provided.


  1. The US Department of Health and Human Services (HHS) does not officially issue or recognize any form of HIPAA compliance certification.