Health Insurance Portability and Accountability Act (HIPAA)
The Health Insurance Portability and Accountability Act (HIPAA) is the key federal healthcare privacy law in the United States and is enforced by the U.S. Department of Health and Human Services (HHS). HIPAA applies to Covered Entities (such as healthcare providers, insurers, and clearinghouses) and Business Associates (such as those entities that provide services to covered entities). HIPAA requirements are set across three separate rules: Privacy Rule, Security Rule, and Breach Notification Rule. Adobe acts as a Business Associate for certain products, which Adobe classifies as “HIPAA-Ready Services.” Data regulated under HIPAA is referred to as Protected Health Information or PHI. PHI is a subset of health information that (1) is created or received by a healthcare provider, health plan, or healthcare clearinghouse, (2) relates to the past, present, or future physical or mental health or condition of an individual, the provision of healthcare to an individual, or the past, present, or future payment for the provision of healthcare to an individual, and (3) identifies the individual or with respect to which there is a reasonable basis to believe that the information can be used to identify the individual. The HIPAA Privacy and Security Rules require that a Covered Entity obtain written assurances from a Business Associate in the form of a Business Associate Agreement, or BAA, requiring the Business Associate to safeguard the privacy and security of the Covered Entityʼs PHI. For more information, see HIPAA and Adobe Products and Services in the Adobe Trust Center.
Adobe Commerce HIPAA-Ready
The Adobe Commerce HIPAA-Ready extension adds additional features and functionalities to Adobe Commerce installations that allow merchants to comply with their respective HIPAA obligations.
The Adobe Commerce HIPAA-Ready extension, magento/hipaa-ee
is available for Adobe Commerce on cloud infrastructure or Adobe Managed Services projects. The Adobe Commerce HIPAA-Ready installation process disables some native services and features to comply with HIPAA requirements. See Disabled services and features.
These materials are intended for informational purposes only. Provision of this information does not entitle the recipient to any contractual or other rights. While efforts have been made to assure the accuracy of the information as of the date it has been provided, no representation is made that such information is accurate and complete. Adobe undertakes no obligation to update this information as the law or Adobe’s products change. Also, this document is not to be distributed to any party other than the intended recipient without written consent from Adobe.
System requirements
Adobe Commerce must be deployed on either Adobe Commerce on cloud infrastructure or Adobe Commerce Managed Services with version 2.4.6-p3 - 2.4.6-p8 (no beta versions).
Installation
Prerequisite