
Atlassian + HIPAA

Hot off the press! We're excited to announce that two Atlassian offerings, Jira Software Cloud Enterprise and Confluence Cloud Enterprise, are now HIPAA compliant. This is great news for regulated industries that have not been able to take advantage of Atlassian Cloud previously due to HIPAA requirements.

 

Why HIPAA Compliance Matters for Atlassian Customers 

Atlassian has been making big investments in their Cloud products across the board, including creating an environment that meets the demands of their customers' compliance and security requirements.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was put in place to protect the privacy and security of an individual’s Protected Health Information (PHI). Any company that manages PHI must be in compliance with HIPAA, regardless of what industry it's in. Unlike other industry-specific regulations, HIPAA compliance isn’t dependent on the field you work in, but on the type of data your organization manages.

Without compliance, companies that manage PHI would not be able to store that data in Atlassian Cloud. 

 

What is HIPAA?

HIPAA is a U.S. federal law developed and introduced by the U.S. Department of Health and Human Services in 1996. Since then, it's been extended several times and had additional rules mandated that were not included in the original law. It was created with the purpose of protecting the privacy and security of an individual’s Protected Health Information (PHI). These safeguards are accomplished through several administrative, physical, and technical processes, including:

  • Privacy and security measures for protecting PHI

  • Assessments for reasonable remediation or mitigating controls of addressable HIPAA Security Rule requirements

  • An annual HIPAA Security Attestation, Gap Assessment, and Security Risk Analysis

  • The regular review and retention of HIPAA Privacy and Security policies and procedures

  • Privacy and security awareness content regarding the protection of PHI

  • The designation and role definition of a HIPAA Privacy and Security Officer

HIPAA compliance does not depend on the industry an organization is in, but rather the type of data it administers. Below are examples of organizations that come into contact with PHI: 

  • Organizations that provide services or products used to provide medical treatment or collect health information about individuals or groups of individuals 

    • Health plans

    • Healthcare clearinghouses: Third-party systems that interpret claim data between provider systems and insurance payers

    • Healthcare providers

  • Organizations that create, receive, maintain, or transmit PHI on behalf of the above-mentioned customers, including:

    • Cloud providers to the customers above, like Atlassian (i.e., a “Business Associate”)

    • Service providers or subcontractors of a Business Associate (e.g., AWS for Atlassian)

Atlassian and HIPAA - What You Need to Know

It's important for organizations that are subject to HIPAA compliance and want to use Atlassian's Cloud offering to understand the following: 

  • HIPAA Compliance applies to Atlassian's Jira Software Cloud Enterprise and Confluence Cloud Enterprise plans ONLY. No other tools or Cloud plans are HIPAA compliant at this time. 
  • Jira Service Management is NOT HIPAA compliant at this time. However, it is on Atlassian's roadmap. 
  • Atlassian Marketplace apps are not currently HIPAA compliant.
  • Organizations that require HIPAA compliance must enter into a Business Associate Agreement (BAA) with Atlassian.
  • The BAA terms require that Atlassian:
    • Describe the permitted use cases of PHI
    • Commit to not use or further disclose PHI other than as permitted by the contract or as required by law
    • Use appropriate safeguards to prevent inappropriate PHI use or disclosure

 

How Isos Technology Can Help

Migrating to Atlassian Cloud is no small feat. It can be a complicated process, especially for organizations with large amounts of data, users, and instances. If you are just starting your Cloud migration journey, I highly recommend reading this blog post, "Prepping for your Atlassian Ground to Cloud Migration," by our very own Solutions Engineer, Nick Nader, and reaching out to Isos Technology for help.

I cannot stress enough how important it is to reach out to a Solution Partner to gain an understanding of Atlassian Cloud and the Cloud migration process. Isos can guide you through what Atlassian's new HIPAA compliance means for your organization, and help you choose the best Cloud offerings for your business. Contact us today to discuss your organization's needs and options. 

For more information, visit Atlassian's HIPAA resource page. 
