We utilize the helpdesk of JIRA. Where some emails we get into the email address we have setup, that opens the JIRA ticket. Some contain PHI inside the email and is transmitted over to the JIRA ticket. We do have the helpdesk users go through the ticket and remove the PHI but is the data that first came in with the PHI is that stored on JIRA systems anywhere. Or could it be once it is updated in the ticket it is taking out of the system?
Hi @Jeff Thorne,
Welcome to Atlassian Community!
If the request contains PHI and the agent removes it, it is still stored in the backend database and can be viewed as part of the history of the request. If you are on the standard plan or higher you can use the HIPAA Compliance option and you can then tag products that contain PHI so they can be identified and treated in accordance to HIPAA regulations.
We are currently using the free version of JIRA, since we only have 2 users that are using it. Is there any other advantages to migrate off the free version to the standard or higher plan?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
The biggest advantage, at least for me, would be that you get access to permissions if you upgrade, you can then control who have access to specific request, another one would be data residency. You can see the difference if features between the different plans here.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Is there way to delete the data from the system that we indicate is PHI? Would deleting the ticket remove any trace of the PHI inside the ticket or would there still be traces of it in the system.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Yes, deleting the ticket would remove all data of it from the system, unless you are either using the built-in backup option or using an app for it. Also worth noting, as stated in the link provided above, is that if you are using apps then you need to have a BAA signed with the vendor of that app in order to be HIPAA compliant, the one for Atlassian only covers eligible Atlassian products.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Not too familiar with JIRA, where we we check for the built-in backup option if it is turned on?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Currently you have to download Admin Kit for Jira, and you can access it from Apps > Manage apps. There is a new backup and restore experience that is scheduled to be released in Q4 2024 according to Atlassian's public roadmap.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Once the ticket is deleted from the JIRA system or is there still remanence of the information inside the JIRA dashboard or the backend servers of the JIRA system? With the free version there is no telling where the JIRA databases we are utilizing of the location?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
No, delete is permanent and the only way to restore it would be from backup. This why it is important to not give the delete issue permission to a lot of users, since they could accidentally cause a lot of issues.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thank you, is there a way to tell where the server is located that our JIRA data is stored on?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Yes, if you go to admin.atlassian.com and click on Security > Data residency it will show you the location. By default you are added to the Global location, but you can select to pin it to a specific location. You can read more about data residency here.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.