Things you’ll learn
- Overview of HIPAA compliance
- Is Jira/Confluence cloud HIPAA Compliant?
- Is Jira/Confluence Data Center HIPAA Compliant?
Using Jira in HIPAA-compliant environments
Is Jira HIPAA Compliant? Summary: Atlassian completed HIPAA compliance for some products (see below) in February, 2023. Atlassian’s Data Center products, if properly hosted, continue to provide an additional path to host behind-the-firewall. Regardless of hosting strategy, plugin usage and permission schemes should be considered as part of your HIPAA Compliance Program.
Interested in learning more about HIPAA compliance with Atlassian? Oxalis can help guide you through the decision-making and implementation process. Contact us below to get in touch. Keep reading to learn more about which Atlassian products are now HIPAA-compliant.
Are Jira and Confluence Cloud HIPAA-Compliant?
The short answer: partially. The following Cloud products have been certified as HIPAA-compliant on the Enterprise plan, and Atlassian is prepared to sign Business Associate Agreements for them:
- Jira Software
- Jira Service Management
Note that Jira Work Management is not HIPAA-compliant, and as of March, 2023, Atlassian has no plans to make it so. Non-Enterprise customers, however, can expect Atlassian to expand HIPAA compliance sometime later in 2023.
If you have, or can upgrade to, the Enterprise Cloud plan, see Atlassian’s HIPAA Implementation Guide for more detail on HIPAA-compliant use of Atlassian products, including how to enter into a Business Associate Agreement with them.
Is Jira/Confluence Data Center HIPAA Compliant?
The short answer: HIPAA Compliance for Atlassian Data Center depends heavily on your hosting strategy.
Atlassian Data Center is an option for organizations that must store PHI/PII in Jira or Confluence, as the Jira and Confluence Data Center editions can be hosted on your own servers or through a healthcare-oriented Managed Service Provider (MSP). This is a common path for healthcare organizations as it grants greater control over the processes, policies, and controls that comprise your HIPAA compliance program.
If you’re not sure whether Cloud or Data Center is the better fit for your organization,check out our article Atlassian Cloud vs Data Center: Which is Better for Healthcare Organizations?
Regardless of whether you use Atlassian’s Cloud or Data Center products, we recommend the following:
- Ensure your infrastructure’s configuration and controls (internally hosted or managed by an MSP) are aligned with your organization’s HIPAA Compliance Program.
- Leverage a Data Loss Prevention (DLP) tool to keep PHI/PII out of your system, and eliminate it if found.
- Analyze which plugins you intend to use, and whether the third party vendor is considered a business associate subject to a BAA.
- Consider your options for remediating PHI/PII accidentally stored in issue data/history, pages, and attachments.
For an in-depth review, check out our article Atlassian Cloud vs Data Center: Which is Better for Healthcare Organizations?
How Oxalis Can Help
At Oxalis, security and compliance are embedded in everything that we do. We believe that healthcare organizations no longer have to give up modern, usable, and efficient tools to remain compliant. Our team can help you understand whether Atlassian Cloud or Data Center is a better fit for your organization based on your HIPAA compliance program. Then we can help you craft the implementation and sustainment plan to get you there.
Contact us today to set up time to chat with an expert. To learn more about how to plan a path forward with your Atlassian products, please download a copy of Oxalis’ whitepaper, Atlassian Cloud vs Data Center: Key Considerations for Enterprise, Compliance-Heavy Organizations.
Recommended blog posts
- Streamlining Portfolio Reporting at a National Health Care Company
- Atlassian Cloud vs Data Center: Which is Better for Healthcare Organizations?
- The Official Oxalis Cloud Migration Strategy Playbook
Get in touch today.
Feel free to send us a message in the form below. We’re very approachable and would like to talk more about how we can meet your needs: