We have a Jira Cloud instance that could, at times, contain PHI. We waited for the HIPAA compliant Standard version of Jira Cloud and have a signed BAA with Atlassian. I understand that the applications from the Marketplace do not fall under that agreement with Atlassian and need to be reviewed individually.
But, there are some apps that are developed by Atlassian. For instance the Jira Cloud for Outlook (Official) app. In this case, since it's an official Atlassian application, would it be covered by BAA we have with Atlassian? Would it be HIPAA compliant?
With something like HIPPA, I would always err on the side of caution. If you review the implementation guide for HIPPA it states the BAA only covers eligible products which include Jira Service Management, Jira, and Confluence. Based on my reading, it would appear that they do not include Atlassian developed apps in the BA. I would reach out directly to Atlassian to confirm and have your legal team also perform a review before implementing any apps.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.