What does this mean for Healthcare providers holding PHI and PPI Data?
On February 2nd 2022, Atlassian announced HIPAA compliance for their Jira Software Cloud Enterprise and Confluence Cloud Enterprise products. With the introduction of this service, organizations with access to PHI can now use Atlassian Cloud to store and manage their sensitive data.
Atlassian will make use of Business Associate Agreements (BAA) to facilitate HIPAA compliance. Organizations must enter into a BAA before giving access to or disclosing any PHI to Atlassian Cloud.
Jira Software Cloud Enterprise and Confluence Cloud Enterprise will offer built-in security controls and processes that are compliant with HIPAA.
This is a potential game changer for Healthcare and data sensitive companies. Prior to this announcement, organizations managing PHI were unable to provide or store data in the Atlassian Cloud. Instead they needed to rely on self managed servers with complex Data Loss Prevention tools to scrub their instances of PHI and prevent data contamination. While some organizations may want to continue with hardened Data Loss Prevention techniques and tools as a precaution, others may want to establish a compliant domain. Hybridized solutions can also be used for integrations between server and cloud. Oxalis has successfully delivered these kinds of solutions for multiple healthcare providers and has deep experience in this field.
What is HIPAA Compliance?
The Health Insurance Portability and Accountability Act, is a regulation made by the U.S. Department of Health and Human Services. This
regulation is focused on safeguarding the privacy and security of individuals’ Protected Health Information and covers areas such as
HIPAA has established high standards to protect the security, integrity, and confidentiality of an individual’s Protected Health Information (PHI). This is achieved through various administrative, physical, and technical safeguards, including:
To qualify for Cloud HIPAA compliance your organization must utilize an Enterprise product and enter into a BAA Business Associate Agreement (BAA) with Atlassian. Oxalis can help you request a BAA and determine your eligibility.
The following products are not currently covered by the BAA but may be road mapped by Atlassian soon:
- Any Cloud product other than Confluence Cloud Enterprise or Jira Software Cloud Enterprise
- The Cloud Standard or Cloud Premium editions of Jira Software and Confluence
As a Solution Partner, Oxalis is positioned to provide you with the best value license arrangement and can optimize your Atlassian products so that you reap the most benefit from your software subscriptions.
Other things you need to know
Marketplace apps and Jira Service Management are not yet included in the HIPAA Compliant offering. Atlassian customers will need to individually assess each app that handles PHI to determine if they are HIPAA compliant. Oxalis can provide assistance with App assessment and provide workarounds via customized plugins and specialized support.
Want to find out more?
Please get in touch. Oxalis specializes in high compliance implementations of Atlassian products for Healthcare organizations. We’ll ensure you get the maximum value from your Atlassian services and secure your organization against the risk of HIPAA exposure. Check Atlassian’s guide & Atlassian’s HIPAA requirements guide to learn more about HIPAA compliance.
Get more information
Feel free to request services via the form below.