Is Atlassian Cloud HIPAA Compliant?
In 2021, digital transformation has accelerated. At the tail end of the COVID pandemic, with companies remaining remote, the demand for cloud services in the enterprise is the highest it’s ever been. Healthcare organizations, which more directly encountered the acute challenges posed by the pandemic, were among the first to be shaped by the current wave of digital transformation. Companies like Atlassian have been built from the ground up to enable digital transformation, so it’s no surprise to us that we often get asked if Atlassian Cloud is HIPAA-compliant.
What products and services does Atlassian Cloud offer?
Atlassian Cloud is a suite of products that help with building organization-wide knowledge bases as well as managing the software development lifecycle. Atlassian Cloud’s core offerings include:
- Jira Software: For planning, tracking, and flagging tasks in the software development lifecycle.
- Confluence: For building detailed internal wikis, knowledge bases, and documentation.
- Jira Service Management: For managing IT service management and operations.
- Opsgenie: For incident response.
- Statuspage: For tracking and reporting service status in real time.
- Halp: A Slack/Microsoft Teams-first approach to support ticket intake and management.
- Trello: A lightweight approach to Kanban board-style project management.
- Jira Work Management: An alternative to Trello for business users looking for project management platforms for non-developers.
- Bitbucket: A Git-based repository management solution.
- Sourcetree: A desktop client that provides a UI for interacting with Git repositories.
Atlassian also grants access to third-party plugins via the Atlassian Marketplace. Plugins allow users to enhance the usability or security of their Atlassian products. For example, Nightfall DLP is available on the Marketplace and allows organizations to scan for PII, PHI, and other sensitive information in files, messages, and other content within Confluence.
Can Atlassian products be configured to be HIPAA-compliant?
On its Trust FAQ page, under “Does Atlassian adhere to information security standards,” Atlassian states that it complies with a variety of standards, including:
- ISO/IEC 27001
- ISO/IEC 27018
- The Cloud Security Alliance Security, Trust, & Assurance Registry
- FedRAMP for Trello Enterprise
Under the HIPAA/HITECH portion of this section, Atlassian states that it’s unable to sign a Business Associate Agreement. This would make Atlassian Cloud ineligible for use by a HIPAA covered entity. Atlassian states, however, that its Data Center products can be configured for use by entities regulated by legislation such as HIPAA.
Could Atlassian Cloud become HIPAA-Compliant in the future?
In recent news, Atlassian has announced that it would stop selling on-prem server licenses starting this year. While Atlassian Data Center still exists as a product tier, this move has been noted as a clear sign that Atlassian is going all in on its cloud offering. This will likely include changes that will make Atlassian’s Cloud offerings more usable across industries. On its cloud roadmap page, Atlassian states that the company will provide an attestation of compliance with HIPAA requirements for Jira Software Cloud and Confluence Cloud by Quarter 2 of 2022. As of now, it’s unclear whether Atlassian’s other cloud products are roadmapped as part of this process, but it remains a possibility.
Being HIPAA compliant means asking the right questions
Are you looking for other HIPAA-compliant SaaS applications to enable digital transformation within your healthcare organization? Grab a copy of our Guide to HIPAA Compliance Checklist. It has important questions you’ll want to ask any SaaS provider as a HIPAA covered entity.