Every HIPAA eCommerce business wants to protect the information they store on servers, whether it's on-site or on the cloud (or hybrid). It might be proprietary designs, customer leads, credit card information, or a host of other data that has to be properly secured.
CEs across the healthcare industry also want to protect all this information, but there's one addition: CEs are legally required to protect the ePHI that's in their care. From a private practice with one doctor to multi-state hospital systems, it is the responsibility of the CE to provide protection for the information they collect or have access to. Failing to do so may lead to government-imposed fines, but it will also erode public trust once the news gets out about a HIPAA breach. It's also important to choose a HIPAA web hosting provider that makes a log of every time a file was accessed, which is part of the HIPAA Privacy Law.
Such detailed tracking and proof of security can help alleviate your responsibility if a breach occurs. If you showed a reasonable effort to protect the information, it's possible that HIPAA officials won't even find you at fault.