Atlassian Cloud Enterprise is HIPAA Compliant

Posted on 02.16.2022
-
Written by Robin Maxwell
-

What does this mean for Healthcare providers holding PHI and PPI Data?

On February 2nd 2022, Atlassian announced HIPAA compliance for their Jira Software Cloud Enterprise and Confluence Cloud Enterprise products. With the introduction of this service, organizations with access to PHI can now use Atlassian Cloud to store and manage their sensitive data.

Atlassian will make use of Business Associate Agreements (BAA) to facilitate HIPAA compliance. Organizations must enter into a BAA before giving access to or disclosing any PHI to Atlassian Cloud.

Jira Software Cloud Enterprise and Confluence Cloud Enterprise will offer built-in security controls and processes that are compliant with HIPAA.

This is a potential game changer for Healthcare and data sensitive companies. Prior to this announcement, organizations managing PHI were unable to provide or store data in the Atlassian Cloud. Instead they needed to rely on self managed servers with complex Data Loss Prevention tools to scrub their instances of PHI and prevent data contamination. While some organizations may want to continue with hardened Data Loss Prevention techniques and tools as a precaution, others may want to establish a compliant domain. Hybridized solutions can also be used for integrations between server and cloud. Oxalis has successfully delivered these kinds of solutions for multiple healthcare providers and has deep experience in this field.

What is HIPAA Compliance?

Jira HIPAA compliance

The Health Insurance Portability and Accountability Act, is a regulation made by the U.S. Department of Health and Human Services. This
regulation is focused on safeguarding the privacy and security of individuals’ Protected Health Information and covers areas such as

  • Privacy and security measures for protecting PHI
  • Assessments for reasonable remediation or mitigating controls of addressable HIPAA Security Rule requirements
  • An annual HIPAA Security Attestation, Gap Assessment, and Security Risk Analysis
  • The regular review and retention of HIPAA Privacy and Security policies and procedures
  • Privacy and security awareness content regarding the protection of PHI, and
  • The designation and role definition of a HIPAA Privacy and Security Officers

HIPAA has established high standards to protect the security, integrity, and confidentiality of an individual’s Protected Health Information (PHI). This is achieved through various administrative, physical, and technical safeguards, including:

  • Descriptions of permitted use cases of PHI
  • Commitments to not use or further disclose PHI other than as permitted by the contract or as required by law;
  • The use of appropriate measures and safeguards to prevent inappropriate PHI use or disclosure

Next Steps

To qualify for Cloud HIPAA compliance your organization must utilize an Enterprise product and enter into a BAA Business Associate Agreement (BAA) with Atlassian. Oxalis can help you request a BAA and determine your eligibility.

The following products are not currently covered by the BAA but may be road mapped by Atlassian soon:

  • Any Cloud product other than Confluence Cloud Enterprise or Jira Software Cloud Enterprise
  • The Cloud Standard or Cloud Premium editions of Jira Software and Confluence

As a Solution Partner, Oxalis is positioned to provide you with the best value license arrangement and can optimize your Atlassian products so that you reap the most benefit from your software subscriptions.

Other things you need to know

Marketplace apps and Jira Service Management are not yet included in the HIPAA Compliant offering. Atlassian customers will need to individually assess each app that handles PHI to determine if they are HIPAA compliant. Oxalis can provide assistance with App assessment and provide workarounds via customized plugins and specialized support.

Want to find out more?

Please get in touch. Oxalis specializes in high compliance implementations of Atlassian products for Healthcare organizations. We’ll ensure you get the maximum value from your Atlassian services and secure your organization against the risk of HIPAA exposure. Check Atlassian’s guide & Atlassian’s HIPAA requirements guide to learn more about HIPAA compliance.

Get more information

Feel free to request services via the form below.

Get the conversation started!

Feel free to send us a message in the form below. We’re very approachable and would like to talk more about how we can meet your needs: