commercetools has launched commercetools for Healthcare, its new HIPAA-compliant and HDS-certified solution. The innovation enables healthcare companies worldwide to create and deliver exceptional, secure commerce experiences for their customers at scale.
The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for sensitive patient data protection in the US. Companies that deal with protected health information (PHI) must have physical, network, and process security measures in place and follow them to ensure HIPAA compliance.
HIPAA applies to international businesses under certain circumstances. When a business operating outside of the US works with companies that have access to the health information of US residents, HIPAA compliance is required.

commercetools says its healthcare solution is the first composable commerce solution that securely processes PHI under a BAA framework. This allows healthcare and life sciences companies to sell online in the US and France while complying with data regulations.

By leveraging a composable commerce approach, healthcare companies are able to ensure regulatory compliance and industry-leading security for sensitive data. commercetools says they can create modern and unique customer experiences, improving revenue-generating opportunities and enhancing efficiency through automations and seamless systems integrations for interoperability.

Capabilities and features of new solution

The solution is built on commercetools’ market-leading composable commerce platform. Its capabilities and features include:

  • HIPAA compliance is ensured through commercetools’ Business Associate Agreement (BAA) framework, enabling the secure processing of Protected Health Information (PHI) in the US market. To achieve compliance, commercetools underwent third-party security risk assessments and formal external compliance audits for HIPAA, SOC 2 Type 2, HDS certification, Cyber Essentials, and TISAX Level 2. The company also follows established frameworks like HITRUST CSF and NIST 800-30 Rev 1. commercetools maintains an ISO 27001 certified information security management system, implementing technical, administrative, and physical controls that adhere to the principle of minimum necessary authorization and access to systems and data. Additionally, all employees undergo mandatory HIPAA and HDS training, which includes a required test.
  • Premium Audit Log is provided for detailed logging of all systems and activities.
  • Dedicated data storage spaces that offer enhanced security.
  • HDS certification is ensured, as it is required by the French public health code for handling PHI.

commercetools supporting modern customer experience


According to Mike Sharp, Chief Product Officer at commercetools, “Just as trust and security are paramount in the healthcare industry, so are seamless, modern customer experiences. We are proud to introduce commercetools for Healthcare to the market, the first and only truly composable solution able to securely process PHI under a BAA framework. This solution is a game-changer for healthcare companies as they can now reap the benefits of composable commerce while keeping PHI safe and secure.”

Netherlands-based Vision Healthcare is a consumer healthcare platform with over 75 brands and 5,000 SKUs across 44 different markets. The company faced challenges with scaling and handling order volume on its in-house platform. Vision Healthcare turned to commercetools’ Composable Commerce platform to unify the tech stack across all of its brands. Through commercetools, Vision Healthcare was able to scale its business across markets and reduce IT maintenance costs and strain on resources. Furthermore, it was able to implement new customer experiences like a loyalty programme and 16 new websites.

Enterprise Times: What this means for businesses

The beauty of composable commerce is that it enables businesses to concentrate on the customer experience. They no longer have to worry about IT infrastructure issues such as environments, hosting support or release management. This can be particularly challenging for enterprises managing multiple brands and products across different retail segments or sectors. The opportunity of having sector-specific solutions which are also composable appears to be a no-brainer for many enterprises. commercetools again appears to be the first out of the blocks offering such a solution in the highly regulated world of healthcare.

There is a further complication of US and international compliance standards. If an organisation creates, receives, transmits, or stores patient-protected health information (PHI) on behalf of healthcare clients, the organisation is defined as a business associate, and HIPAA applies. As a result, commercetools was required to ensure its healthcare solution was HIPAA compliant.

