A shared responsibility
Synology C2 platform is designed to ensure maximum security, confidentiality, and integrity for clients’ data, including protected health information in electronic form (ePHI). Healthcare operators can easily integrate C2’s data protection and auditing features into their HIPAA compliance strategy.1
Security and privacy
Platform-wide and service-specific tools and settings to restrict ePHI access to authorized personnel.
Integrity and availability
Secure infrastructure design to minimize data loss and corruption risks and boost service availability.
Regulating and auditing access
Thoughtfully designed features enable close control over who has access to health data, both within the organization and while interacting with external parties.
Secure platform access
Access to all C2 services requires a valid Synology Account, which can be configured for maximum security with multi-factor authentication (MFA). Detailed login records simplify investigation when abnormal account activities occur.
Granular sharing settings
Limiting the circulation of ePHI helps reduce risks to data privacy. C2 offers tools such as password protection and expiration dates for share links, and C2 Transfer, designed for file transfers, requires user verification through one-time passwords.
Audit logging and reports
Detailed logs empower admins to investigate user actions including accessing, transferring, or downloading patient data. Reports generated on demand or sent periodically by email facilitate monitoring and evaluation.
Dependable infrastructure you can trust
All C2 data is stored in certified colocation data centers where single points of failure are eliminated through redundant, highly available infrastructure.
ISO 27001 and SOC 2 Type II certifications guarantee strict compliance with security procedures and physical safety measures, as well as monitoring of site access by staff.
Erasure coding technology helps maximize data redundancy while enabling detection and repair of corrupted data, isolating data from the threat of hardware failure.
With data centers located in Europe, Taiwan, and the US, Synology C2 allows clients to comply with local regulations, such as US and EU data residency requirements.
Learn more about security and privacy at Synology
Data durability blog post
Take a deep dive into the topic of data durability, with a technical overview and real-world examples from our infrastructure.
See how we handle and process users’ personal information, including what data we collect and how long we retain it.
Sign up for the C2 newsletter
Register now to get the latest updates about C2 services, technical insights, activities, and events.
Please enter your email address
Sign up now
The US Department of Health and Human Services (HHS) does not officially issue or recognize any form of HIPAA compliance certification.