Hello,
I work at a smaller healthcare organization. We're currently in the process of migrating from Data Center to Cloud and have already signed a BAA with Atlassian for HIPAA compliance. In the Atlassian HIPAA Implementation Guide, it states you must have a BAA with all relevant third-party apps also.
Between our Jira and Confluence applications, we have around 20 add-ons. I started reaching out to each of them yesterday asking for a BAA, but most have responded saying they don't offer that, or that this is the first time they're hearing about it and they'll look into it. I'm not feeling very confident that we will be able to get this with any, let alone all, of our app (add-on) vendors.
Has anyone else dealt with this issue? Or, is there a workaround in order to maintain HIPAA compliance? We need this because we are a healthcare organization and there is a chance that PHI could be accidentally input into tickets at some point.
Thank you in advance for any insight,
Justine