HIPAA compliance with SynologyStreamline compliance with HIPAA regulations by leveraging the flexibility of deployment and comprehensive management features of Synology storage systems.A winning choice for healthcare providersPowerful and expandable, Synology solutions are ideal for storing large sets of critical data such as protected health information in electronic form (ePHI). Flexible management tools enable system administrators operating at covered entities or business associates to design an HIPAA-compliant infrastructure that ensures the integrity, confidentiality, and availability of ePHI.Login protectionA first line of defense to shield systems hosting ePHI against external attacks.Data encryptionAdvanced technologies add an extra layer of security throughout the system.Access controlGranular permission settings and delegation options to regulate access to records.Data integrity & availabilityA host of solutions to protect patient information from ransomware and other threats.AuditingReal-time monitoring and historical data to review the activities involving ePHI information.Secure and private by designSynology DiskStation Manager (DSM), the operating system that powers every Synology device, is designed from the ground up to shield data from unauthorized access.Customizable firewall rulesAllow only specific clients to access services hosting electronic patient records by filtering network traffic coming from external sources.Learn moreRigorous password securityMinimize the risk of login credentials being compromised by setting syntax rules and expiration dates for passwords.Learn moreAutomated account protectionConfigure a lockout threshold for failed login attempts to block clients trying to force their way into systems hosting ePHI.Learn moreMulti-platform security alertsBe notified immediately of suspicious login activities to minimize the risk of sensitive data being exposed or leaked.Learn morePowerful encryption throughoutLeverage industry-standard AES-256 encryption to design and manage an effective encryption strategy for health data storage.

Central data vault

Store ePHI in folders that are encrypted by separate set of keys, effectively protecting them even if administrative accounts are compromised as a result of digital or physical theft.

Learn more

Secure syncing

Choose between different methods to keep encrypted folders synchronized across local and remote systems. Avoid decrypting folders during data transfer.

Endpoint protection

Safeguard endpoints by backing them up to encrypted destinations with Active Backup for Business, or opt for secure and convenient cloud backup secured by end-to-end encryption with C2 Backup.

Storage infrastructure protection

Protect the central ePHI repository by backing it up to a variety of destinations, including Synology C2 Storage. Maintain confidentiality by encrypting data even before it leaves the source.

Learn more

Granular access controlEnsure that only authorized personnel can view and operate health data, and limit circulation of sensitive documents based on flexible criteria.User managementConfigure folder permissions, storage quotas, speed limits, and administrative privileges for Synology DSM services on a user or group basis.Learn moreFile managementSet privileges for specific users and groups, and choose whether they can view, comment, edit, download, or copy shared files and folders.Learn moreShared items monitoringLimit circulation of documents containing patient information by configuring sharing links to expire based on date or number of accesses.Learn more
Secure healthcare data with advanced solutions Advanced data integrity safeguards Synology helps organizations protect the meet regulatory compliance with the Btrfs file system, immutable snapshots, WriteOnce, and data replication. These solutions are designed to protect against data corruption, unauthorized changes, and hardware failure. Learn more Comprehensive data protection Protect systems used to host patient data in the event of hardware or software failures, ransomware attacks, or other threats with comprehensive backup solutions. Learn more High-availability solutions Ensure the operation of essential services that healthcare professionals and patients use to handle electronic health records. Learn more
Extensive auditing capabilitiesAccess detailed logs to keep track of how ePHI is accessed and operated, ensuring proper use and compliance with HIPAA regulations concerning data breach notifications.System Logs Centrally display and manage system logs generated by Synology DSM or other devices in the local network, and configure alerts to be triggered when set events occur. Learn moreFile Transfer Monitoring Track the histories of files being transferred through common file protocols, including SMB, AFP, FTP, and WebDAV for a comprehensive overview of ePHI circulation. Synology Drive Admin Console Monitor up to 40 types of actions, including changes made to files, changes in folders, and service activities, and perform audits to pinpoint suspicious events. Learn more
Fleet management and monitoringStreamline maintenance of and tighten control over multi-server deployments with Synology’s on-premises and cloud solutions for distributed storage systems.Synology Central Management System (CMS)Active Insight
 Learn more HIPAA compliance in the cloud Discover how Synology C2 cloud services make it easy for healthcare providers to stay compliant when storing ePHI on the cloud. Read More Security on Synology DSM Learn in detail how Synology’s robust and sophisticated security solutions protect personal and business data. Learn more Protection against ransomware Ransomware attacks are among the leading causes of data loss. Learn how to protect essential data from external threats. Learn more Frequently Asked Questions What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) was introduced by US Congress in 1996 to set regulatory standards for the lawful use and disclosure of electronic protected health information (ePHI). Under HIPAA regulations, healthcare providers and businesses are expected to meet a set of requirements aimed at ensuring the privacy and security of any ePHI that is created, managed, received, or transmitted.
What are the HIPAA rules?
HIPAA legislation consists of five rules. Each rule lays out different requirements for HIPAA compliance:
  1. Privacy Rule: How, when, and under what circumstances ePHI can be used and disclosed
  2. Security Rule: Technical, physical, and administrative standards to safeguard the integrity of ePHI
  3. Omnibus Rule: Integration of HITECH’s provisions into HIPAA to strengthen protection of ePHI
  4. Breach Notification Rule: Terms and conditions for the notification of data breaches involving ePHI to interested parties and the public
  5. Enforcement Rule: Investigation and penalties applied following a data breach involving ePHI
Over the years, the requirements have been integrated and expanded in response to technological advancements in healthcare and other industries.
Are Synology systems HIPAA certified?
The US Department of Health and Human Services (HHS) does not officially issue or recognize any form of HIPAA compliance certification. Complying with the requirements set forth by the HIPAA regulations is thus the sole responsibility of covered entities and business associates, which must ensure that the systems and services they use are configured to protect the integrity and confidentiality of all the ePHI they store or process.
Notes:The information on this website is provided for informational purposes only and should not be construed as legal advice on any matter. Readers of this website should contact their attorney to obtain advice with respect to any particular legal matter. Synology does not accept liability with respect to any actions taken or not taken based on the contents of this website.