HIPAA Compliance of Atlassian Application Add-ons

Darren Zuiderweg May 2, 2024

We have a Jira Cloud instance that could, at times, contain PHI. We waited for the HIPAA compliant Standard version of Jira Cloud and have a signed BAA with Atlassian. I understand that the applications from the Marketplace do not fall under that agreement with Atlassian and need to be reviewed individually. 

But, there are some apps that are developed by Atlassian. For instance the Jira Cloud for Outlook (Official) app. In this case, since it's an official Atlassian application, would it be covered by BAA we have with Atlassian? Would it be HIPAA compliant? 

1 answer

1 vote
Kian Stack Mumo Systems
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
May 2, 2024

@Darren Zuiderweg


With something like HIPPA, I would always err on the side of caution. If you review the implementation guide for HIPPA it states the BAA only covers eligible products which include Jira Service Management, Jira, and Confluence. Based on my reading, it would appear that they do not include Atlassian developed apps in the BA. I would reach out directly to Atlassian to confirm and have your legal team also perform a review before implementing any apps.

Suggest an answer

Log in or Sign up to answer
Site Admin
AUG Leaders

Atlassian Community Events