HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) is a regulation developed by the U.S. Department of Health and Human Services designed to protect the privacy and security of an individual’s Protected Health Information (PHI). The HIPAA Security Rule was established to protect individuals’ health information and ensure the security, integrity, and confidentiality of this data. HIPAA applies to healthcare providers, health plans, and healthcare clearinghouses, as well as other third parties, known as “Business Associates”, that create, receive, maintain, or send PHI.

Atlassian provides comprehensive privacy and security protections that enable our customers to operate our products in compliance with HIPAA. These include:

• security measures for protecting PHI
• assessments for reasonable remediation or mitigating controls of addressable HIPAA Security Rules
• an annual HIPAA Security Attestation, Gap Assessment, and Security Risk Analysis
• the regular review and retention of HIPAA Security policies and procedures
• security awareness content regarding the protection of ePHI, and
• the designation and role definition of a HIPAA Security Officer.

Customers who are subject to HIPAA compliance and want to partner with Atlassian must purchase an Enterprise Plan and enter into a Business Associate Agreement (BAA) that covers the applicable products and services. For more information on the signed BAA, please contact us.

Additionally, we’ve created a HIPAA Implementation Guide that customers will need to read before inputting any data. This will ensure each customer uses our products and services in a HIPAA-compliant way.

For more detailed information on the steps we’ve taken to meet each of the requirements defined by HIPAA, please visit this page.