Cloud or Data Center? The Best Atlassian Deployment for Healthcare

For healthcare organizations using Atlassian products like Jira or Confluence, navigating the shift to a cloud-first strategy is more important than ever. With Atlassian discontinuing Server support in 2024, organizations must decide whether to migrate to Atlassian Cloud, adopt Data Center, or implement a hybrid approach.

For highly regulated industries like healthcare, compliance, security, and data control are top priorities. The critical question is: Does Atlassian Cloud meet HIPAA requirements, or is Data Center the better choice?

This guide explores your options, addresses HIPAA compliance concerns, and provides expert insights into making the best decision for your organization.

Atlassian Cloud vs. Data Center: What Healthcare Organizations Need to Know

Atlassian Data Center: A Behind-the-Firewall Option

For healthcare organizations needing full control over their infrastructure, Atlassian’s Data Center products offer a self-hosted, behind-the-firewall solution. This is particularly important for organizations that must store PHI/PII in Jira or Confluence but cannot meet compliance requirements in a cloud environment.

Key Advantages of Data Center:

  • Increased Security & Compliance – Full control over hosting, access, and compliance settings.
  • Scalability & High Availability – Load balancing and disaster recovery support.
  • Customization & Integration Flexibility – Ability to customize workflows and integrate with on-premises systems and security tools for enhanced compliance.

Atlassian Cloud’s Compliance and Security Features

Atlassian has made significant investments in security, compliance, and scalability for its Cloud offerings. Jira Software, Jira Service Management, and Confluence on the Enterprise plan are HIPAA-compliant, and Atlassian is prepared to sign Business Associate Agreements (BAAs) for them.

However, Jira Work Management is not HIPAA-compliant, and Atlassian has no plans to certify it. If your organization is not on the Enterprise plan, other considerations, such as Data Loss Prevention (DLP) tools and controlled third-party plugin usage, become essential.

TALK TO AN EXPERT

Key Considerations for Cloud Deployments:

  • HIPAA Compliance – Available on Enterprise plans with a signed BAA.
  • Data Loss Prevention (DLP) Tools – Critical for enforcing PHI/PII storage policies.
  • Third-Party Plugins – Vendors may or may not be HIPAA-compliant; review all Marketplace apps carefully.
  • Process & Policy for Reporting and Remediation – A structured approach is needed to flag, review, and remove PHI. If your organization needs assistance evaluating whether Atlassian Cloud is the right fit, Oxalis can help assess your compliance needs and implementation strategy.

Considerations for Data Center:

  • Higher Hosting & Maintenance Costs – Requires dedicated IT resources and infrastructure investment.
  • User Minimums – Higher licensing costs with a 500-user minimum for Jira Software.

For organizations prioritizing compliance, security, and control, Data Center remains a viable alternative to Cloud, particularly for those not yet ready to fully migrate.

A Hybrid Approach: The Best of Both Worlds?

For organizations looking to balance security and efficiency, a hybrid cloud approach may offer the best of both worlds. This strategy allows teams to use Atlassian Cloud for non-sensitive operations while keeping PHI/PII in a secure Data Center environment.

Common Hybrid Cloud Scenarios:

  1. Customer-Facing Services on Cloud, Internal Systems on Data Center
    • Example: A healthcare IT company uses Jira Service Management on Data Center for handling PHI in customer support requests, while Jira Software and Confluence remain in the Cloud for agile development and knowledge management.
  2. Sensitive Workflows in Data Center, General Operations in Cloud
    • Example: A multi-state healthcare provider operates Quality Management in Jira Cloud, but runs compliance-sensitive projects in Jira Data Center to meet regulatory requirements.

Making the Right Decision for Your Healthcare Organization

Choosing between Atlassian Cloud, Data Center, or a hybrid approach depends on your security needs, compliance requirements, and IT infrastructure.

  • If you need a fully managed solution with built-in compliance, Atlassian Cloud (Enterprise Plan) is a strong option.
  • If you require full control over data storage, security, and compliance policies, Atlassian Data Center is the better fit.
  • If you want flexibility, a hybrid approach offers tailored security and scalability.

Atlassian’s Compliance Roadmap

The chart below details current and future Cloud compliance standards according to the Atlassian Cloud compliance roadmap.

UPDATESTATUSTIMEFRAME
FedRAMP Moderate Authority to Operate (ATO)Coming SoonQ2-Q3 2025
FedRAMP Moderate Security Assessment and Agency ReviewCompletedQ4 2024
HIPAA eligibility expansionReleasedQ3 2023
Notifications for HIPAA customersReleasedQ3 2023
WCAG (Web Content Accessibility Guidelines) Level ‘A’ReleasedQ1 2024
TISAX level 2 complianceReleasedQ3 2023
IRAP ComplianceFuture2026
C5 ComplianceFuture2026
BYOK Compliance in Copy Product DataReleasedQ2 2024
Accessibility Support in Primary ExperiencesFuture2025
SOC 2 Compliance for Rovo and AIReleasedQ4 2024
Usage limits monitoring for RovoReleasedQ4 2024
Atlassian Cloud Migration Playbook

Oxalis’ Proven Methodology: Your Atlassian Cloud Migration, Simplified

As your trusted Atlassian Cloud Migration advisors, we’ve distilled our extensive experience into a step-by-step eBook. Whether you’re transitioning from Server or Data Center, this guide covers every aspect of your journey.

How Oxalis Can Help

At Oxalis, we specialize in helping healthcare organizations navigate Atlassian deployments while ensuring compliance with HIPAA and other regulatory frameworks. Our team provides:

  • Compliance Assessments – Evaluating Cloud vs. Data Center fit for your organization.
  • Architecture & Deployment Strategy – Implementing secure, scalable solutions.
  • Hybrid Cloud Solutions – Designing an optimal mix of Cloud and Data Center products.
  • Security & Compliance Best Practices – Ensuring ongoing HIPAA compliance and data protection.

Need expert guidance on your Atlassian deployment? Contact Oxalis today to explore the best path forward for your healthcare organization.

TALK TO AN EXPERT

Is Jira HIPAA Compliant? What Healthcare Organizations Need to Know

For healthcare organizations and businesses handling protected health information (PHI), compliance with the Health Insurance Portability and Accountability Act (HIPAA) is a fundamental requirement. However, as organizations increasingly adopt modern cloud-based collaboration and service management tools, ensuring compliance becomes more complex. Atlassian’s suite of products—particularly Jira and Confluence—offers powerful solutions for enterprise teams, but are they suitable for HIPAA-compliant environments? This guide breaks down the current state of Atlassian’s HIPAA compliance, comparing Cloud and Data Center deployment options and providing best practices for maintaining compliance.

What You’ll Learn

  • An overview of HIPAA compliance
  • The HIPAA compliance status of Jira and Confluence Cloud
  • The HIPAA compliance considerations for Jira and Confluence Data Center
  • Best practices for using Jira in HIPAA-compliant environments

Is Jira HIPAA-Compliant?

HIPAA compliance is a critical concern for healthcare organizations and any entity handling protected health information (PHI). Atlassian has made strides in ensuring HIPAA compliance for select products. As of February 2023, Atlassian has implemented HIPAA compliance for specific Cloud products on its Enterprise plan. Additionally, Atlassian Data Center products continue to provide a self-hosted alternative for organizations that require full control over their compliance framework.

However, achieving HIPAA compliance is not solely about using a compliant product. Organizations must ensure their hosting, access controls, and plugin usage align with their HIPAA compliance program.

Interested in learning more about HIPAA compliance with Atlassian? Oxalis can help guide you through the decision-making and implementation process. Contact us below to get in touch. Keep reading to learn more about which Atlassian products are now HIPAA-compliant.

Get In Touch Today

Are Jira and Confluence Cloud HIPAA-Compliant?

The short answer: partially. Atlassian provides HIPAA compliance for select Cloud products, but only under its Enterprise plan. Atlassian is also prepared to sign Business Associate Agreements (BAAs) for the following products:

  • Jira Software Cloud
  • Jira Service Management Cloud
  • Confluence Cloud

Notably, Jira Work Management is not HIPAA-compliant, and Atlassian has no current plans to make it so. Organizations using non-Enterprise Cloud plans should anticipate future expansions of HIPAA compliance, but currently, only Enterprise customers can fully leverage HIPAA protections.

For organizations considering Atlassian Cloud, it is essential to follow Atlassian’s HIPAA Implementation Guide to configure their environment properly.

Is Jira/Confluence Data Center HIPAA Compliant?

The answer: it depends on your hosting strategy.

Atlassian Data Center offers a viable solution for organizations handling PHI, as it can be self-hosted or managed by a healthcare-oriented Managed Service Provider (MSP). This model provides greater control over compliance policies, security configurations, and access permissions. When properly implemented, Jira and Confluence Data Center can be part of a HIPAA-compliant infrastructure.

Organizations should ensure their Data Center deployment includes:

  • Secure hosting (on-premises or through an MSP with HIPAA safeguards)
  • Role-based access controls and audit logging
  • Regular security assessments and compliance audits

If you’re deciding between Cloud and Data Center for HIPAA compliance, our article Atlassian Cloud vs. Data Center: Which is Better for Healthcare Organizations? provides a detailed comparison.

Talk With an Expert

Regardless of whether you use Atlassian’s Cloud or Data Center products, we recommend the following:

  • Ensure your infrastructure’s configuration and controls (internally hosted or managed by an MSP) are aligned with your organization’s HIPAA Compliance Program.
  • Leverage a Data Loss Prevention (DLP) tool to keep PHI/PII out of your system, and eliminate it if found.
  • Analyze which plugins you intend to use, and whether the third party vendor is considered a business associate subject to a BAA.
  • Consider your options for remediating PHI/PII accidentally stored in issue data/history, pages, and attachments.

For an in-depth review, check out our article Atlassian Cloud vs Data Center: Which is Better for Healthcare Organizations?

Best Practices for HIPAA Compliance with Atlassian Products

Regardless of whether you choose Atlassian Cloud or Data Center, ensuring HIPAA compliance requires careful planning. Oxalis recommends the following best practices:

  1. Align Hosting and Configuration with HIPAA Requirements
    Ensure your Cloud or Data Center infrastructure aligns with your organization’s HIPAA compliance program.
  2. Use a Data Loss Prevention (DLP) Tool
    Implement a DLP solution to prevent PHI from being stored inadvertently and ensure it is removed when necessary.
  3. Evaluate Third-Party Apps and Plugins
    Review third-party apps and integrations to determine if vendors qualify as business associates and require a BAA.
  4. Develop a Remediation Plan for PHI Storage
    Establish procedures for identifying and removing PHI/PII that may have been accidentally stored in issues, pages, or attachments.

How Oxalis Can Help

At Oxalis, we understand that security and compliance are critical for healthcare organizations. Our team has extensive experience helping organizations determine whether Atlassian Cloud or Data Center is the right fit for their HIPAA compliance needs. We provide expert guidance on implementation, configuration, and ongoing compliance management.

If you need assistance navigating HIPAA compliance with Atlassian products, contact Oxalis today to schedule a consultation with our experts.

To learn more about making the right choice for your organization, download our whitepaper: Atlassian Cloud vs. Data Center: Key Considerations for Enterprise, Compliance-Heavy Organizations.

Recommended blog posts

Sana Benefits: Delivering Better Healthcare with Atlassian Cloud

The Challenge: Migrating to the Cloud with Compliance in Mind

Sana Benefits needed to move its Jira Software, Confluence, and Jira Service Management (JSM) environments to the Atlassian Cloud while maintaining HIPAA compliance. The transition required:

  • Regulatory Compliance: Ensuring sensitive health data remained protected throughout the migration.
  • Complex Data Environment: Migrating a highly customized Jira and Confluence setup with plugins and workflows.
  • Change Management: Training employees and preparing them for the new cloud-based experience.
  • Minimal Disruption: Executing a seamless migration without impacting daily operations.

The Solution: A Strategic, Secure, and Seamless Migration

Oxalis led an 8-week structured migration approach that ensured compliance, minimized risk, and maximized efficiency. The key phases included:

1. Current State Mapping & Gap Analysis

  • Conducted a comprehensive assessment of workflows, plugins, and data usage.
  • Identified non-migratable data and developed remediation strategies.

2. Migration Strategy Development

  • Created a clear roadmap for data transfer, testing, and user validation.
  • Designed a communication plan to keep all stakeholders informed.

3. HIPAA-Compliant Cloud Implementation

  • Assisted with the Business Associate Agreement (BAA) process.
  • Procured Atlassian Cloud licenses and configured Atlassian Guard for enhanced security.
  • Implemented Single Sign-On (SSO) and user provisioning via G Suite.

4. Technical Testing & Dry Runs

  • Conducted rigorous technical testing and two dry runs to validate processes.
  • Allowed users to test data in a sandbox environment before final migration.
  • Provided comprehensive Atlassian Cloud training to ensure a smooth transition.

5. Production Migration

  • Executed the migration during off-hours to minimize operational impact.
  • Ensured data integrity and system readiness.

6. Post-Migration Support & Adoption

  • Delivered post-migration support to address user concerns and optimize workflows.

The Results: A Faster, More Secure, and Cost-Effective Future

By partnering with Oxalis, Sana Benefits successfully migrated to Atlassian Cloud on time and within budget. The transformation delivered:

  • Cost Optimization – Reduced infrastructure and licensing costs with Atlassian Cloud.
  • Enhanced Security & Compliance – Maintained HIPAA compliance while leveraging Atlassian’s latest security features.
  • Improved User Experience – Employees gained access to cutting-edge Atlassian features, enhancing productivity.
  • Operational Efficiency – Eliminated server maintenance and streamlined IT operations.
  • Successful Change Management – Employees adapted quickly thanks to structured training and communication.


“The engineering teams saw improvements in cycle times with a median cycle time of 24 hours for bugs and under 5 days for stories.”
— James Cadena, Director of Information Security, Sana Benefits

Unified Atlassian services


Making Healthcare Easy with Atlassian Cloud

Founded in 2017, Sana Benefits is dedicated to making healthcare easy and accessible for small and medium-sized businesses.

With over 30,000 members and more than $320 million saved in medical billing, Sana offers affordable health plans that empower businesses to provide better care. As the company scaled, it relied on Atlassian’s Data Center products to maintain compliance with HIPAA regulations while fostering collaboration across its teams.

When Atlassian Cloud achieved HIPAA compliance, Sana recognized an opportunity to enhance efficiency, reduce costs, and gain access to the latest features by transitioning from Data Center to Cloud.

To ensure a seamless migration, they partnered with Oxalis Solutions, an Atlassian Platinum Solution Partner specializing in cloud transformations for highly regulated industries.

  • Industry: Healthcare & Insurance
  • Location: Austin, TX
  • Company Size: 160+ Employees

THE CHALLENGE

  • HIPAA-compliant migration from Atlassian Data Center to Atlassian Cloud

THE TOOLS

  • Jira Software
  • Confluence
  • Jira Service Management (JSM)
  • Atlassian Guard

THE SOLUTION

  • Atlassian Cloud Migration
  • Change Management
  • Knowledge Management
  • Training

Moving Forward with Atlassian Cloud

With the migration complete, Sana Benefits is now equipped with a scalable, secure, high-performing cloud infrastructure supporting its mission to make healthcare easier. The company continues to innovate, leveraging Atlassian Cloud to enhance collaboration, streamline processes, and deliver exceptional service to small businesses across the country. Oxalis offers deep expertise in secure and compliant Atlassian Cloud migration for the healthcare industry.

Want to learn more about Atlassian Cloud Migration for Healthcare companies? Connect with Oxalis Solutions today!