Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root


1 badge earned


Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!


Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.


Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!


FY23 HIPAA Compliance

January 4, 2023


The Health Insurance Portability and Accountability Act (HIPAA) is a federal law developed by the U.S. Department of Health and Human Services and was established in 1996. It was enacted to protect sensitive patient health information from being disclosed without patient consent or their knowledge. HIPAA establishes privacy, security and breach notification rules for the storage, processing, and transmission of health information. The data that is governed under this legislation is referred to as ePHI (electronic Protected Health Information).

The HIPAA Security Rule specifically focuses on the safeguarding of ePHI through the implementation of administrative, physical, and technical safeguards. Compliance is mandated to all organizations defined by HIPAA as a covered entity or business associate. Atlassian, as a business associate, is required to:

  • Ensure the confidentiality, integrity, and availability of all ePHI that is created, received, maintained or transmitted,

  • Protect against any reasonably anticipated threats or hazards to the security or integrity of such information,

  • Protect against reasonably anticipated unauthorized uses or disclosures of ePHI, and

  • Ensure compliance by the workforce.

What Atlassian products comply with HIPAA rules?

Atlassian is proud to announce that the following products have been assessed by an external auditor as meeting HIPAA safeguards and requirements:

  • Jira Software Cloud

  • Confluence Cloud

  • Jira Service Management


For more information, please visit the Compliance Resource Center.



Log in or Sign up to comment

Hi @Hema Vadodaria , would you please share a bit more details on JSM Cloud and HIPAA compliance.  Are there any features that existing customers need to verify?


What tiers of each of these products will HIPAA compliance be available?

Amy Knapp
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Jan 04, 2023

Hi @Pawan Kohli & @ckennedy for details about implementation needs, tiers, and products covered to meet HIPAA requirements, please see:

I was wondering how Atlassian solved the HIPAA requirement to encrypt PHI in email communication, because as creators of the S/Notify Email Encryption app for Data Center, we have been trying to convince Atlassian into providing an API that would allow us implement email encryption for their Cloud offerings, too, but sadly haven't seen any interest there.

Now I see how Atlassian solved this problem: "you’ll need to turn off all email and push notifications in the product settings." (In step 4 of How to configure your Atlassian account to meet HIPAA requirements.)

In my opinion, this requirement deprives Atlassian products of one of their most useful features. Optional email encryption would offer a much better alternative. 

Still hoping for Atlassian to enable us to provide a solution!

Filiberto Selvas
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Jan 05, 2023

@Pawan Kohli , @ckennedy @Metin Savignano 

Some of the questions already answered above, but to confirm: 


Hope that helps! 

Like # people like this

@Filiberto Selvas , thanks for the info!

I've seen the plan for "redacted" notifications. Still wondering how exactly this will work, and also why a seemingly complex solution was chosen while a straight-forward one already exists?


I've remembered a description of the "redaction" feature here, saying:

By turning on safe notifications, this will hide data including ‘Issue summary’, ‘Issue description’, ‘Comment’, and 'Attachment” from the corresponding notification emails that your customers will receive.

As far as I understand it, this essentially means that effectively all information is removed, and more or less only a link to the issue is sent. Is that correct?

If so, this means that it's an improvement over not getting notified at all, yet the user would have to click the link in each notification to see the new comment added or understand the context?

To be honest, I think, this approach unnecessarily limits existing functionality. Also, other requirements, like somehow taking care of not putting PHI in issue titles or page names, could turn out to be difficult for customers to safely observe. 

May I amend that anyone, who would prefer to see email encryption at least as alternative option for HIPAA compliant notifications, could vote for JSDCLOUD-8850: Implement API for S/MIME Support, so Atlassian may consider to add this to their framework.

Filiberto Selvas
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Jan 06, 2023

Thank you for your suggestions @Metin Savignano 

To be clear, not all information is removed. but anything that can contain protected health information is removed. 

Filiberto Selvas 

@Filiberto Selvas I noticed in the implementation guide that only Jira Software, Jira Service Desk, and Confluence are available for HIPAA. Are there plans to include Work Management or other products in the future. If so, is there a timeline?

You call out the products Jira Software Cloud, Confluence Cloud, and Jira Service Management as being HIPAA compliant - what's the status on the newer products - Atlas, Product Discovery, and old, e.g. OpsGenie? Can you list out which products are underway or not yet approved?

Filiberto Selvas
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 25, 2023

@ckennedy and @Nate Whitehead , 

There is currently no roadmap plans for HIPAA compliance of other products, but we are tracking customer desire for those. Can you list specifically which ones are more critical for you? 

Here the Compliance Roadmap: 

@Filiberto Selvas the products I'm most interested right now are Jira Work Management (Is that included with HIPAA under Jira Software?), Product Discovery, and Jira Align.

Filiberto Selvas
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Sep 27, 2023
AUG Leaders

Atlassian Community Events