The Health Insurance Portability and Accountability Act (HIPAA) is a federal regulation developed by the U.S. Department of Health and Human Services. HIPAA was designed to protect the privacy and security of an individual’s Protected Health Information (PHI) and establishes standards and requirements around the use, disclosure, and protection of that data. HIPAA applies to covered entities and business associates that create, receive, maintain, access, or send PHI.
Atlassian provides comprehensive privacy and security protections that enable our customers to operate our products in compliance with HIPAA. These include:
- security measures for protecting PHI
- assessments for reasonable remediation or mitigating controls of addressable HIPAA Security Rules
- an annual HIPAA Security Attestation, Gap Assessment, and Security Risk Analysis
- the regular review and retention of HIPAA policies and procedures
- security awareness content regarding the protection of ePHI, and
- the designation and role definition of HIPAA Security and Privacy Officers
Customers who are subject to HIPAA compliance and want to partner with Atlassian purchase a Standard, Premium, or Enterprise Plan and enter into a Business Associate Agreement (BAA) that covers the applicable products and services. For more information on a BAA with Atlassian, please visit this page.
Additionally, we’ve created a guide that customers will need to read and follow before inputting any PHI into our products. This will help ensure that customers use our products and services in a way that supports their HIPAA compliance obligations.
For more detailed information on the steps we’ve taken to meet each of the requirements defined by HIPAA, please visit this page.