Jira and Confluence are now HIPAA-compliant - Actonic – Unfolding your potential
We have outsourced our Atlassian licensing and services business to the newly founded Seibert Solutions GmbH. Actonic's products will be further developed under the usual name.

Jira and Confluence are now HIPAA-compliant


An Atlassian data privacy milestone: Jira Cloud and Confluence Cloud are now HIPAA-compliant. Atlassian recently published a guide to HIPAA compliance. Together with this knowledge, our instructions, and in just five easy steps, you'll make HIPAA compliance a breeze.

Get started now!

What is HIPAA?

Let’s start with the basics, clarifying what HIPAA actually is. For a brief definition, take a look at our Knowledge Base article on HIPAA.

HIPAA is the acronym of: Health Insurance Portability and Accountability Act, a U.S. federal law that has been in place since 1996. It was established to protect the medical records and Protected Health Information (PHI) of U.S. citizens. The original purpose of the law was to protect the data of employees who change jobs from disclosure. Limits on disclosure of health records without patient consent are intended to ensure trust, confidentiality, and integrity throughout the medical space. The introduction of national standards for the processing of electronic Protected Health Information (ePHI) should also contribute to better data protection and cost savings.

When and to whom does HIPAA apply?

While HIPAA was written to protect individuals in the U.S., these protections also come into effect when the data processing company is NOT located in the United States. Once your company stores or processes data of U.S. citizens, you must ensure HIPAA compliance. Whether you are located in Europe, Asia, or anywhere else in the world, it doesn’t matter.

HIPAA-compliance should therefore be ensured if you process health data from the United States AND fall under one of the following categories:

  • Health care providers ( doctors, clinics, hospitals, pharmacies).

  • Health plans (insurance companies, government programs such as Medicare)

  • Health care clearinghouses (billing services and community health systems for organizing health data)

What data is protected under HIPAA?

Health information that is protected under HIPAA includes an individual’s name, address, medical record number, and other Personally Identifiable Information (PII), as well as an individual’s physical or mental health condition, nursing care that an individual is receiving. For more examples of PHI, see the HIPAA law text.

What are the penalties for HIPAA non-compliance?

A HIPAA violation can result in maximum fines of up to $1.5 million per year. A person who “knowingly” acquires and discloses health information can face criminal charges of up to one year in prison.

Of course, you don’t want to risk that.

But what does all this have to do with Atlassian?

What is the connection between Jira/Confluence Cloud and HIPAA?

Many healthcare organizations and hospitals use platforms like Jira and Confluence Cloud to manage their daily tasks, projects, and data. This allows them to store and access all the Protected Health Information (PHI) they need quickly and easily. Which means they collect an exorbitant amount of sensitive data about their patients, putting them at risk of violating HIPAA regulations.

For a long time, Jira and Confluence Cloud were not HIPAA-compliant – now, Atlassian’s announcement changes everything. An external auditor has conducted an intensive assessment of the following Atlassian products and found them to be compliant with HIPAA regulations:

  • Jira Software Cloud

  • Confluence Cloud

  • Jira Service Management


The HIPAA Implementation Guide

To make Jira, JSM, and Confluence HIPAA-compliant with absolute certainty and avoid any penalties, you should perform specific configurations on your Atlassian account, as Atlassian describes in their implementation guide.

Summarized for you, here are the five simple steps you can take to make Confluence and Jira HIPAA-compliant:

  • Organizations that need to comply with HIPAA policies should purchase an Enterprise Plan

  • Sign a Business Associate Agreement (BAA) with Atlassian

    1. This is a contractual agreement stating that HIPAA requirements will be met

  • Ensure that all third-party applications integrated with Jira and Confluence Cloud are running in a HIPAA-compliant manner

    1. The BAA covers only the corresponding Atlassian products

  • Ensure that you do not store PHI in any of the following fields:

    • Confluence

      • Space keys

      • Space name

      • Page title

    • Jira Software

      • Configuration data:

        • issues

        • project name

        • project key

        • workflow schemes

  • Others

    • Surveys

    • Customer feedback

  • Disable all email and push notifications in product settings


Smart support for HIPAA-compliance

Be especially careful with step four, verifying that you are not storing PII/PHI outside recommended fields/locations. Perform a detailed security audit. This is where our Data Protection and Security Toolkit for Jira/Confluence comes to the rescue. This smart assistant lets you scan your cloud instances at lightning speed to find critical health data. Simply select birthdates, phone numbers, social security numbers or the like from predefined search rules:

With this tool, you’re guaranteed to never miss any sensitive health data and be one step closer to HIPAA-compliance.

Conclusion: HIPAA compliance made easy

Thanks to Atlassian’s update, HIPAA compliance in healthcare has never been easier – even for cloud products! Still, compliance doesn’t just fall into your lap. However, by following the HIPAA implementation guide and our tips, you’ll be on the safe side. A smart tool like our Data Protection and Security Toolkit is a not to be underestimated help in the process of data protection procedures.

If you would like further guidance concerning HIPAA compliance for Jira and Confluence, feel free to contact our Data Protection Compliance Service. If you are able and willing to perform the steps listed above on your own, it is worth taking a look at the app presented.

Convince yourself and test it for free!

How useful was this post?

Click on a star to rate it!

Average rating 5 / 5. Vote count: 3

No votes so far! Be the first to rate this post.