Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

is JIRA Software Data Center HIPAA compliant?

We are currently on JIRA Server and Service Desk, we need HIPAA compliance.

Are the Data Center version HIPAA compliant?


1 answer

1 accepted

4 votes
Answer accepted

Atlassian doesn't make products that state they meet any specific regulations.  That doesn't mean that their products can't be made to meet the compliance you need, however.  We work with many clients that need to be HIPAA compliant and we have been successful at implementing Atlassian tools to pass audits. 

In short, they can be HIPAA compliant, but you need to configure them to be compliant (or work with a Solutions Partner that knows what to do.)

Could you please suggest possible ways to implement HIPAA compliance in JIRA?

I think your only option currently is to be on a self-hosted version of Jira.  Cloud doesn't have the capability currently.  You should use SSL on the front-end.  The supported databases all have the ability to encrypt data in the database as long as you use a driver that can support it. This is not something that Atlassian supports, but it's possible.  There is an App from Marketplace that helps obfuscate personal information that may be inadvertently entered in to Jira as well. Permissions in Jira are very granular, but you may need to lock your Projects down more than you are currently doing.  You can also make use of Issue Security to limit access to individual issues.  You may need to increase log verbosity and perform some audits to ensure compliance.  I hope that helps.

Like Petter Gonçalves likes this

Suggest an answer

Log in or Sign up to answer

Atlassian Community Events