
Sign a Business Associate Agreement (BAA)

A Business Associate Agreement (BAA) is a written contract between a business associate and a covered entity or another business associate. The BAA outlines the terms and conditions to ensure Protected Health Information (PHI) is appropriately safeguarded. Under HIPAA, Atlassian is considered a business associate. You must have a BAA in place before PHI can be uploaded to our products.

We can sign BAAs for Standard, Premium, and Enterprise plans for Jira Software, Jira Service Management, and Confluence. Free and trial plans are not eligible to sign BAAs.

Standard and Premium plans

  1. To sign a BAA, go to admin.atlassian.com and select Settings > Compliance.

  2. Then, select the Health Insurance Portability and Accountability Act (HIPAA).

  3. Select Sign a BAA.

  4. Provide the following information in the form:

    • Your legal name

    • Your email address

    • Name of signatory
      A signatory is any individual who possesses legal authority to bind your organization into legally enforceable contracts.

    • Email address of the signatory

    • Your organization's physical address

  5. Select Submit. After you select Submit, we will process your request to sign a BAA and send an email to the signatory containing a copy of the BAA.

  6. The signatory should carefully review and execute the BAA within a 90-day timeframe. Once this period elapses, the link for signing the BAA will no longer be available and you will need to reach out to Atlassian Support to complete the BAA process.

After you’ve signed a BAA, you must tag your product and follow the HIPAA Implementation Guide before you upload any PHI into the products. Learn how to tag your products.

Enterprise plans

For Enterprise plans, contact your Atlassian representative to sign a Business Associate Agreement (BAA).

It’s important to remember that HIPAA compliance is a shared responsibility between Atlassian and you. Completing these steps won't automatically guarantee your compliance with HIPAA; you must also ensure that you follow HIPAA best practices.
