Is it possible to be HIPAA compliant and run JIRA on the public server at the same time?

Dina Goncharenko July 1, 2020

Hello,
We are an open source contributor and use the open source Jira license. According to the agreement (https://www.atlassian.com/ru/software/views/open-source-license-request), our open source project has to have a publicly accessible website, which means that our Jira instance has to be outside of the firewall. We are worried that this makes us vulnerable. We must be HIPAA compliant as we work with patient information a lot.

Is anyone else in the same situation? How do you guys protect your data?

 

Thank you!

Dina

1 answer

0 votes
Dave Liao
Community Leader
July 1, 2020

Hi Dina!

From what I understand about HIPAA, HIPAA compliance is possible within a Jira system - just ensure you are protecting patient info wherever that patient info will be stored.

  • Agree on where patient info should be stored.
  • Agree where patient info should NOT be stored.
  • Understand who should have access to patient data (certain roles? groups?). Everyone else should not.
  • Review your Jira's global permissions, project permissions, and any add-on permissions to ensure that patient info is protected.

Once you understand how permissions work on every level of your Jira system, communicate that with your stakeholders, and get sign-off that this is an acceptable solution. Good luck!

Your question has been asked before, but even the other responders agree the answer is not clear cut. 

Deployment type: Server