• Products
  • Documentation
  • Resources

Understand HIPAA compliance for Atlassian products

Atlassian's Health Insurance Portability and Accountability Act (HIPAA) solution enables you to operate Atlassian products as per your HIPAA compliance obligations. HIPAA is a federal regulation developed by the United States Department of Health and Human Services. It is designed to protect the privacy and security of people's protected health information (PHI).

HIPAA applies to covered entities and business associates that create, receive, maintain, access or send PHI.

It is your responsibility to ensure your compliance with HIPAA and determine whether you must enter into a Business Associate Agreement (BAA) with Atlassian.

We can sign BAAs for Standard, Premium, and Enterprise plans for Jira, Jira Service Management, and Confluence. Free and trial plans are not eligible to sign BAAs. Learn how to sign a BAA

To operate Atlassian products to support your HIPAA compliance needs, you will need to take the following steps:

Sign a Business Associate Agreement (BAA) with Atlassian: A BAA is a written contract between a business associate and a covered entity or another business associate. The BAA outlines the terms and conditions to safeguard Protected Health Information (PHI). Learn how to sign a BAA

Tag products: Tagging products involves marking or labelling certain products that contain protected health information (PHI) so that they can be identified and treated in accordance with HIPAA regulations. Learn how to tag products

Configure your products: You must follow the steps outlined in the HIPAA Implementation Guide to configure your product settings. This will help ensure you are using our products in a HIPAA-compliant manner. Learn how to configure your products in accordance with the HIPAA Implementation Guide

It’s important to remember that HIPAA compliance is a shared responsibility between Atlassian and you. Completing these steps won't automatically guarantee your compliance with HIPAA, you must also ensure that you follow HIPAA best practices.

Additional Help