This solution was pitched since we are blocked from running Rovo as it's not been blessed for use on Enterprise HIPAA products. Curious if hosting onsite through MCP is allowed.
Welcome to the community!
Based on the current Atlassian docs, I would be very cautious about treating MCP as a HIPAA-safe workaround.
Two important points from the official documentation:
- Atlassian explicitly says Rovo is not HIPAA compliant and the BAA does not cover it
- the Atlassian Rovo MCP Server is a cloud-hosted service, not something you self-host inside your own environment
Rovo data, privacy, and usage guidelines
If you need an official answer for compliance review, I would push for a written response from Atlassian Security / Support rather than relying on Community interpretation.
Thanks for sharing. Atlassian needs to provide a solution for HIPAA and GOVT segments or face the music of losing us as customers. Cannot pitch AI solutions and toolings as the future, yet alienate your clientele.
We've had a couple of calls with Compliance and Support that all lead to the same type of answer... Uncertainty. Our team actually has their own AWS-hosted LLM module that only our systems connect to. In theory we should be able to connect our LLM to our Atlassian services.
The suggestion from support was to check out this MCP connection.