HIPAA Compliance and Synology C2

Learn how Synology C2's secure infrastructure and privacy-focused design help clients comply with HIPAA regulations.

A shared responsibility

The Synology C2 platform is designed to ensure maximum security, confidentiality, and integrity for clients’ data, including protected health information in electronic form (ePHI). Healthcare operators can easily integrate C2’s data protection and auditing features into their HIPAA compliance strategy. [1]

Security and privacy

Platform-wide and service-specific tools and settings to restrict ePHI access to authorized personnel.

Integrity and availability

Secure infrastructure design to minimize data loss and corruption risks and boost service availability.

Preventing unauthorized access

Synology C2 can be configured as a no-view service without reading access, eliminating the risk of uploaded patient data leaking into the wrong hands.

Each service in the Synology C2 ecosystem has one or more data protection mechanisms in place, such as end-to-end encryption, client-side encryption, or a combination of measures.

To learn more about how C2 services ensure complete ownership and control of ePHI, refer to the dedicated white paper for each service.

Regulating and auditing access

Thoughtfully designed features enable close control over who has access to health data, both within the organization and while interacting with external parties.

Secure platform access

Access to all C2 services requires a valid Synology Account, which can be configured for maximum security with multi-factor authentication (MFA). Detailed login records simplify investigation when abnormal account activities occur.

Granular sharing settings

Limiting the circulation of ePHI helps reduce risks to data privacy. C2 offers tools such as password protection and expiration dates for share links. C2 Transfer, designed for file transfers, requires user verification through one-time passwords.

Audit logging and reports

Detailed logs empower admins to investigate user actions including accessing, transferring, or downloading patient data. Reports generated on demand or sent periodically by email facilitate monitoring and evaluation.

Dependable infrastructure you can trust

All C2 data is stored in certified colocation data centers where single points of failure are eliminated through redundant, highly available infrastructure.

Physical safety

ISO 27001 and SOC 2 Type II certifications guarantee strict compliance with security procedures and physical safety measures, as well as monitoring of site access by staff.

Redundancy safeguards

Erasure coding technology helps maximize data redundancy while enabling detection and repair of corrupted data, isolating data from the threat of hardware failure.

Data ownership

With data centers located in Europe, Taiwan, and the US, Synology C2 allows clients to comply with local regulations, such as US and EU data residency requirements.

Learn more about security and privacy at Synology

Data security white papers

Learn in detail how Synology C2 solutions keep data safe from unauthorized access, ensuring total control over ePHI and other sensitive data.

Frequently Asked Questions

What is HIPAA?

What are the HIPAA rules?

What is a no-view service?

What is erasure coding?

What third-party compliance requirements does Synology C2 meet?

Does Synology C2 offer Business Associate Agreements (BAA)?

Notes:

  1. The US Department of Health and Human Services (HHS) does not officially issue or recognize any form of HIPAA compliance certification.