Team Brainstorm

Jira Service Management HIPAA Compliance: Everything You Need to Know

April 14, 2023

Atlassian continues to invest in becoming a cloud-first company, and this includes ensuring the highest level of security and compliance. With security and compliance being the cornerstone of its products and services, Atlassian just hit another big milestone in their Cloud Roadmap: Jira Service Management is now HIPAA compliant. 

But what exactly does being HIPAA compliant mean? Why is it important for your business? And what does it mean for your Atlassian products? In this article, we’ll get to the bottom of these questions and give you the low-down on everything you need to know about Atlassian’s recent announcement regarding Jira Service Management's HIPAA compliance. 

What Does HIPAA Compliance Involve?

The Health Insurance Portability and Accountability Act (HIPAA) is a regulation developed by the U.S. Department of Health and Human Services designed to protect the privacy and security of an individual’s Protected Health Information (PHI). The HIPAA Security Rule was established to protect individuals’ health information and ensure the security, integrity, and confidentiality of this data. HIPAA applies to healthcare providers, health plans, and healthcare clearinghouses, as well as other third parties, known as “Business Associates”, that create, receive, maintain, or send PHI.

Compliance with HIPAA can only occur when an entity implements controls and protections for any relevant Protected Health Information (PHI). To make this a reality, a healthcare company must review the entirety of HIPAA (the Privacy Rule, the Omnibus Rule, etc.) and make provisions to follow the regulations within their business.

HIPAA compliance means implementing controls and safeguards to ensure the confidentiality and integrity of protected health information. It involves developing policies and procedures that are in line with HIPAA laws and regulations and requires your organization to use HIPAA-compliant software that keeps patient data confidential.

What Does Being HIPAA-Compliant Mean for My Atlassian Products?

Security failures, compliance oversights, and a lack of control over how technology is used put organizations at risk of violating HIPAA. When you use Atlassian products, Atlassian provides comprehensive privacy and security protections that enable customers to operate those products in compliance with HIPAA. These include:

  • Security measures for protecting PHI
  • Assessments for reasonable remediation or mitigating controls of addressable HIPAA Security Rules
  • An annual HIPAA Security Attestation, Gap Assessment, and Security Risk Analysis
  • Regular review and retention of HIPAA Security policies and procedures
  • Security awareness content regarding the protection of ePHI, and
  • The designation and role definition of a HIPAA Security Officer.

Additionally, as an industry leader in security and compliance, Atlassian works with third-party organizations to regularly audit its security, privacy, and compliance controls to support its customers’ compliance needs and meet the different HIPAA requirements. We recommend referencing this chart, which explains the different HIPAA requirements and what Atlassian is doing to meet them.

What Atlassian Products Comply With HIPAA Regulations?

In addition to Jira Service Management Cloud Enterprise, Jira Software Cloud Enterprise and Confluence Cloud Enterprise are HIPAA compliant. Stay up-to-date with any announcements related to Cloud products and compliance news.

How Do I Make Sure My Atlassian Software Is HIPAA-Compliant?

If your organization requires HIPAA compliance and you plan to use Atlassian products to manage patient information and confidential health data, you need to purchase an Enterprise Plan. HIPAA compliance only applies to Atlassian's Jira Software Cloud Enterprise, Confluence Cloud Enterprise, and Jira Service Management Cloud Enterprise plans.

In addition to purchasing an Enterprise Plan, you must also enter into a Business Associate Agreement (BAA) with Atlassian to ensure that the proper safeguards are in place to prevent misuse of patient health information.  

Once these administrative steps are complete, you will need to set your instance up in a way that meets HIPAA requirements. As part of its commitment to helping your organization meet its security and privacy needs, Atlassian created a HIPAA Implementation Guide that walks you through the process of using your Atlassian products in a HIPAA-compliant way.

It’s also important to note that while Atlassian has provided you with the necessary security features, it’s up to your organization to ensure that your people and processes also adhere to HIPAA regulations. You will also need to make sure that any third-party apps integrated with Jira, Confluence, and Jira Service Management are operated in a HIPAA-compliant manner. 

Customize Your Atlassian Software to Work For You

While these updates to Atlassian products are exciting, there’s still a lot to learn and navigate through, especially when it comes to making sure your data is secure and is being managed properly. 

At Praecipio, we are committed to ensuring the unwavering security of your company’s information so your teams can focus on the work that matters most. In addition to guiding you through the complex process of migrating to Atlassian Cloud, we set you up for success with Atlassian Cloud Enterprise and ensure your instance is configured in a way that meets all HIPAA requirements. 

Contact us to learn more about how we can help your organization comply with laws and regulations regarding healthcare information. If you have additional questions about migrating to Atlassian Cloud, watch our webinar where our migration experts provide answers to the most common questions about moving to the cloud.
