[Last Updated: October 2025]
Adobe continues to innovate and adapt to meet the specific privacy and security needs of our customers in the healthcare industry.
Health Insurance Portability and Accountability Act
The HIPAA Privacy, Security, and Breach Notification Rules establish important protections for individually identifiable health information known as Protected Health Information (PHI).
Under HIPAA, a covered entity is a healthcare provider, health plan, or a healthcare clearinghouse. A business associate is an entity that provides services to a covered entity that involve access to PHI. The HIPAA Privacy and Security Rules require that a covered entity obtain written assurances from a business associate in the form of a Business Associate Agreement (BAA) requiring the business associate to safeguard the privacy and security of the covered entity’s PHI.
Providing PHI to Adobe
Adobe acts as a Business Associate for its HIPAA-Ready Services, which are listed below.
Customers that license any Adobe HIPAA-Ready Service to process PHI must have the correct license and a signed BAA with Adobe. Customers are not permitted to create, receive, maintain, or transmit PHI through Adobe products and services that are not designated as HIPAA-Ready Services or without the appropriate license to use a HIPAA-Ready Service.
The current list of HIPAA-Ready Services includes:
- Adobe Acrobat Sign
- Adobe Acrobat Sign for Government
- Adobe Commerce on Cloud
- Adobe Commerce on Managed Services
- Adobe Connect Managed Services
- Adobe Customer Journey Analytics (excluding CJA Labs)
- Adobe Experience Manager as a Cloud Service
- Adobe Experience Manager Managed Services
- Adobe Journey Optimizer (including Sinch SMS and Sinch MMS)
- Adobe Marketo Engage
- Adobe Real-time Customer Data Platform B2C Prime and Ultimate Editions
- Adobe Real-time Customer Data Platform B2P (Consumer Audiences) Prime and Ultimate Editions
- Adobe Workfront
More information about how Adobe Experience Cloud solutions can be used in healthcare business scenarios can be found in the Adobe Experience Cloud for Healthcare Solutions Overview on the Adobe Trust Center.
HIPAA Shared Responsibilities
Adobe HIPAA-Ready Services rely on a shared responsibility security model, requiring the customer and Adobe each to bear distinct responsibilities for maintaining the security of PHI. Under this shared security model, Adobe relies on the customer to use and configure the HIPAA-Ready Services consistent with HIPAA.
Note: Adobe Commerce on Cloud and Adobe Commerce on Managed Services are subject to the Adobe Commerce Shared Responsibility Security Model.
HIPAA Configuration Recommendations
Some Adobe HIPAA-Ready Services provide configuration recommendations to assist customers in implementing their solution. Configuration recommendations are available here:
For more information on executing an Adobe BAA for HIPAA-Ready Services, please contact your Adobe sales representative or customer success manager.
Disclaimer: Customer is responsible for their use of Adobe HIPAA-Ready Services and for ensuring that the Adobe HIPAA-Ready Services meet their compliance requirements.