HIPAA-Enabled Compliance Across Commerce Channels
Healthcare and life sciences brands can finally embrace a Composable Commerce approach knowing that systems are secure and HIPAA-ready.
Elastic Path is the only HIPAA-enabled MACH Commerce Solution
Finally, you can deliver the commerce experiences your customers expect with the only API-first, composable HIPAA-ready platform on the market.
We're here to be a partner in safeguarding your highly-sensitive, protected health information so you can save time on security evaluations and more time creating innovative health-protected commerce experiences your customers demand.
Health Insurance Portability and Accountability Act Security Standards (HIPAA Security Rule) ensure the confidentiality, integrity, and availability of all protected health information (PHI) a business creates, receives, maintains, or transmits. It also protects against security threats or hazards, disclosure of the information, and compliance among its workforce.
Any type of organization that creates, receives, or manages protected health information needs to be HIPAA compliant. Healthcare and life science brands are covered entities or “business associates” under HIPAA. Any entity that works with these “business associates” must also adhere to HIPAA regulations to safeguard PHI.
Under HIPAA regulations, eCommerce service providers such as Elastic Path may be considered business associates in some circumstances. The Business Associate Addendum (BAA) is an Elastic Path Commerce Cloud contract that is required under HIPAA regulations to ensure that Elastic Path Commerce Cloud appropriately safeguards PHI. The BAA also serves to clarify and limit the permissible uses and disclosures of PHI by Elastic Path Commerce Cloud. But only to the extent of the services in which Elastic Path provides.
Yes, a standard BAA is available for you with Elastic Path. Click this link to get started.
It does not. The Elastic Path BAA helps support your HIPAA compliance, but the solution Elastic Path Commerce Cloud does not on its own achieve it. Your organization is responsible for ensuring compliance and taking the appropriate internal processes to align with HIPAA.
By completing the Independent Practitioner’s Report assessing compliance with HIPAA and the HITECH Breach Notification Requirements, Elastic Path Commerce Cloud solution can now be used to build HIPAA compliant applications.
Healthcare and life sciences brands now have the assurance that their applications are HIPAA-ready by partnering with Elastic Path. This means they can finally embrace a Composable Commerce approach, delivering differentiated commerce and merchandising experiences their customers expect.
Yes, a copy of the report is available to organizations through an NDA.