Understand HIPAA compliance for Atlassian products

Atlassian's Health Insurance Portability and Accountability Act (HIPAA) solution enables you to operate Atlassian products as per your HIPAA compliance obligations. HIPAA is a federal regulation developed by the United States Department of Health and Human Services. It is designed to protect the privacy and security of people's protected health information (PHI).

HIPAA applies to covered entities and business associates that create, receive, maintain, access or send PHI.

It is your responsibility to ensure your compliance with HIPAA and determine whether you must enter into a Business Associate Agreement (BAA) with Atlassian.

To operate Atlassian products to support your HIPAA compliance needs, you will need to take the following steps:

Sign a Business Associate Agreement (BAA) with Atlassian: A BAA is a written contract between a business associate and a covered entity or another business associate. The BAA outlines the terms and conditions to safeguard Protected Health Information (PHI). Learn how to sign a BAA

Tag products: Tagging products involves marking or labelling certain products that contain protected health information (PHI) so that they can be identified and treated in accordance with HIPAA regulations. Learn how to tag products

Configure your products: You must follow the steps outlined in the HIPAA Implementation Guide to configure your product settings. This will help ensure you are using our products in a HIPAA-compliant manner. Learn how to configure your products in accordance with the HIPAA Implementation Guide