Atlassian HIPAA Compliance
Safely store and manage PHI data in Atlassian Cloud Enterprise
Jira Software, Jira Service Management, and Confluence Cloud Enterprise* are now HIPAA compliant, so companies can use these Atlassian Cloud tools to store and manage PHI data.
As more companies embrace digital transformation, they are increasingly turning to cloud solutions to gain a competitive advantage. Recognizing this, Atlassian continues to enhance its Cloud offerings, including critical areas like security and compliance. Atlassian recently announced that Jira Software Cloud Enterprise and Confluence Cloud Enterprise* are in compliance with the Health Insurance Portability and Accountability Act (HIPAA). This means companies in healthcare and related industries that store and manage protected health information (PHI) data now have the option of implementing and migrating to these tools.
*Only the Cloud Enterprise versions of Jira Software, Jira Service Management, and Confluence are HIPAA compliant.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal statute developed by the U.S. Department of Health and Human Services designed to protect the privacy and security of an individual’s Protected Health Information (PHI).
HIPAA prohibits healthcare providers and healthcare businesses, called covered entities, from disclosing protected information to anyone other than a patient and the patient's authorized representatives without their consent.
HIPAA compliance isn’t just for healthcare companies—any company that stores or manages PHI is required to be HIPAA compliant.
Which Atlassian products are HIPAA compliant?
- New! Jira Service Management Cloud Enterprise
- Jira Software Cloud Enterprise
- Confluence Cloud Enterprise
What does Atlassian mean when they say these products are HIPAA compliant?
Atlassian provides comprehensive privacy and security protections that enable its customers to operate its products in compliance with HIPAA. These include:
- Security measures for protecting PHI
- Assessments for reasonable remediation or mitigating controls of addressable HIPAA Security Rules
- An annual HIPAA Security Attestation, Gap Assessment, and Security Risk Analysis
- The regular review and retention of HIPAA Security policies and procedures
- Security awareness content regarding the protection of ePHI
- The designation and role definition of a HIPAA Security Officer
How does Atlassian meet HIPAA requirements?
Atlassian works with an independent third party on an annual basis to verify that it has the necessary controls and practices in place to satisfy HIPAA requirements and to ensure that all the required regulations are being adhered to. This includes requirements around risk management, workforce security, information access management, incident response management, security and privacy responsibilities, security awareness and training, contingency planning, business associate contracts, physical security and endpoint controls, policies and procedures, and transmission security.
Atlassian has a chart on its website that explains in detail how it meets each of these requirements.
Implementing a HIPAA-Compliant Atlassian Instance
If your organization is subject to HIPAA compliance, and you are using or are planning to use Atlassian Jira Software, Confluence, or Jira Service Management to create, send, receive, or maintain PHI, you must purchase an Enterprise-level plan and enter into a Business Associate Agreement with Atlassian that covers the applicable products and services.
You must also make sure your instance is set up properly so that you can use it in a HIPAA compliant way. To help you meet this need, Atlassian provides a HIPAA Implementation Guide. You can also reach out to us here at Isos Technology, and we would be happy to lend our expertise to help you navigate this important and complex regulatory landscape.
- Explore the Atlassian Trust Center Compliance Resource Center to see all their certifications.
- Learn more about Atlassian and HIPAA compliance on the Atlassian HIPAA landing page.
- View the chart to explore in detail each HIPAA requirement and how Atlassian is meeting it.
- Explore the Atlassian Cloud Roadmap to learn what’s next for Atlassian and HIPAA compliance.
- Read the HIPAA Implementation Guide to learn how to use Atlassian tools in a HIPAA-compliant way.
How Isos Technology Can Help
Whether you’re moving from legacy software to Atlassian tools, or migrating from an on-prem solution to Cloud, Isos Technology is your trusted partner for technology services and support. As an Atlassian Platinum Solution Partner, 2020 Atlassian Partner of the Year: ITSM, and 2019 Atlassian Partner of the Year: Enterprise, we have extensive experience performing implementations and migrations of all kinds.
Read more about how Isos Technology has helped companies in healthcare and related industries.
Want to know more? Speak to an Isos expert about Atlassian HIPAA compliance and what that means for your business.