Hi,
We are in the middle of the HIPAA compliance process, and we are using Jira Service Desk Cloud Edition as our ticketing system. I have heard/read that our edition doesn't comply with HIPAA, and we plan to move to Data Center under AWS instead (according to our research). Atlassian only says "in the works" with no deadlines.
So I want to know whether there is anyone out there who can instruct me on how to comply with HIPAA regulations using Jira Service Desk, no matter whether it is the Cloud, Server or Data Center edition. We are a small company running ~50 agents, and I can't imagine that we are the only ones (or the first) looking to use Jira with HIPAA needs.
Any help is appreciated,
Fernando.
Hello @Fernando De Oro ,
We mention this in the following FAQ on security-related questions, but YES, it is recommended to use the self-hosted Server platform for HIPAA compliance:
HIPAA / HITECH – For our Cloud products, we are not able to sign a Business Associate agreement and we recommend our Server products for companies that need to comply. We have more information on this in our Privacy Policy.
To elaborate on this: a HIPAA business associate agreement is a contract between a HIPAA-covered entity and a vendor used by that entity. As Atlassian only offers contractual agreements via the application's Terms of Service and does not offer signing additional agreements on an individual-instance basis, the requirement cannot be met for this particular compliance checkbox on the Cloud platform.
Regards,
Earl
@Earl McCutcheon Thanks for your reply. Can the Data Center edition in AWS help with this instead of the Server edition?
Hi @Fernando De Oro ,
Yes, Data Center on AWS would be an applicable solution for you.
Data Center on AWS is basically just a self-hosted Server version, only hosted on AWS rather than your own hardware, so the HIPAA compliance requirements would come down to what configurations you set on the container and what AWS offers for the container you're hosting the server on.
The following is a great resource in the AWS documentation pages on HIPAA compliance within their environment to get you started:
Regards,
Earl
In case other folks are curious about ensuring HIPAA compliance when using Cloud, Server, or Data Center products, we're maintaining an up-to-date resource to understand tradeoffs based on your use case:
https://oxalis.io/is-jira-hipaa-compliant/
HIPAA-compliant organizations that don't store PHI/PII in Jira Cloud might be interested in leveraging Data Loss Prevention tooling to help enforce compliance.