HIPAA Readiness for Commerce Services
The Data Connection extension allows you to share Commerce back office event data with Experience Platform and maintain HIPAA compliance.
In this article, you learn:
- What to install
- How to ensure data sent to Experience Platform is HIPAA-ready
- Data encryption in Commerce
Installation
If you purchased the health care add-on for Adobe Commerce, you most likely already installed the HIPAA-Ready extension. To ensure that your Commerce back office event data is HIPAA-ready, you also need to install the Data Connection extension with the additional Data Services HIPAA extension. The Data Services HIPAA extension ensures that any back office data you send to Experience Platform is HIPAA-ready. Learn how to install the extension.
How to ensure data sent to Experience Platform is HIPAA-ready
All back office event data that the Data Connection extension sends to Experience Platform is considered sensitive within Commerce. However, it is the responsibility of the merchant to apply data usage labels to their Commerce schema in Experience Platform to explicitly identify particular data as sensitive. When you apply data usage labels directly to a schema, those labels are propagated to all existing and future datasets that are based on that schema.
For an overview of data usage labels and their role within the Data Governance framework, see the data usage labels overview in Experience Platform documentation.
Apply data usage labels to Commerce fields
Follow the steps in the manage data usage labels for a schema tutorial to learn how to apply labels to your Commerce schema.
See the glossary of sensitive labels to learn about the available labels you can apply to the fields in your Commerce schema. For example, the label RHD identifies Protected Health Information (PHI) or information about a patient that you are contractually permitted by Adobe to upload.
When your Commerce data is labeled as sensitive, you can enforce policies to prevent data operations that constitute policy violations. Learn more about policy enforcement in Experience Platform.
Data encryption in Commerce
Adobe Commerce uses block-level encryption. For storage, Commerce uses Amazon Elastic Block Store (EBS). All EBS volumes are encrypted using the AES-256 algorithm, which means that the data is encrypted at rest. Commerce data in transit is sent over secure, encrypted connections using HTTPS.
Data encryption in Experience Platform
When merchants send their data to Experience Platform, that data is sent over HTTPS using TLS v1.2. Learn more about how Experience Platform encrypts data.
How Commerce handles privacy requests
Learn how Commerce handles privacy requests.