HIPAA-ready hosting in Adobe Commerce

Transcript

Hi, I’m Russell with Adobe Commerce. And in this session, I’ll provide an overview of the healthcare add-on for Adobe Commerce, which is our HIPAA-ready Adobe Commerce solution. When I mention HIPAA readiness in relation to Adobe Commerce, it means that the security and privacy controls are enabled out of the box. This setup helps companies using Adobe Commerce prepare for compliance regulations. Software cannot be HIPAA compliant, but it can be HIPAA-ready. By using our enhanced features, Adobe streamlines the process, making it easier for customers to comply with HIPAA regulations. Being HIPAA compliant is achieved through policies, operations, settings, and safeguards put in place by covered entities. Basically, people in your organization, not the software. Once your Adobe Commerce project is provisioned in a HIPAA-ready infrastructure, you’ll need to install the HIPAA-ready extension. This process is well-documented in Experience League, and it can be done using a simple composer require command. At Adobe Commerce, we take HIPAA readiness seriously. Once the healthcare add-on is purchased with your Adobe Commerce license and the business associate agreement is signed, Adobe will then become a business associate, meaning we’ll be required to safeguard the privacy and security of PHI within Adobe Commerce just as our customers are. One method used to enhance this protection is accomplished by logging all PHI movements through an enhanced logging mechanism. In addition to this, Adobe Commerce data services like the data connection, back office events, app builder, and API mesh are now available to customers to build their own internal and external integrations. This opens up a wide range of use cases that can be delivered through Adobe Commerce. The Adobe Commerce HIPAA-ready offering comes with an additional staging environment named staging underscore four underscore support. And this environment is to be used by the Adobe Commerce support team for troubleshooting purposes. A few key things to know about this staging environment is that this environment must not contain any sensitive data like, but not limited to protected health information. It must not be used for any production activities and you must keep the name staging underscore four underscore support and don’t rename it to avoid confusion. Probably the most important thing is that it is also kept up to date with both the code and configuration from your production environment. This is to ensure that troubleshooting is performed in an environment as close to production as possible. A common question that we get from tech leaders during the discovery phase is how HIPAA-ready hosting differs from traditional Adobe Commerce hosting. HIPAA customers are provisioned in a HIPAA-ready region and some features are either not available or may be disabled by default. Things such as the transactional emails sent through SendGrid, guest checkout, newsletters and advanced reporting. Some of these features, they can be re-enabled on your evaluation of your use cases and of course, after consultation with legal counsel. To determine if HIPAA-ready hosting is right for you, consider some of these use cases. Things like direct to consumer medical supplies, requests for equipment or servicing and paying co-pays or insurance premiums. These examples show the versatility that Adobe offers for HIPAA-ready hosting and meeting various business goals. Well, that’s it for this overview of HIPAA-ready hosting for Adobe Commerce. Please continue to learn more about Adobe Commerce here on Experience League as well as all of the other Adobe products.