FY24 HIPAA Compliance


The Health Insurance Portability and Accountability Act (HIPAA) is a federal law developed by the U.S. Department of Health and Human Services and established in 1996. It was enacted to protect sensitive patient health information from being disclosed without the patient's consent or knowledge. HIPAA establishes privacy, security, and breach notification rules for the storage, processing, and transmission of health information. Data governed by this legislation is referred to as ePHI (electronic Protected Health Information).

The HIPAA Security Rule focuses specifically on safeguarding ePHI through the implementation of administrative, physical, and technical safeguards. Compliance is mandatory for all organizations defined by HIPAA as a covered entity or business associate. Atlassian, as a business associate, is required to:

  • Ensure the confidentiality, integrity, and availability of all ePHI that is created, received, maintained or transmitted,

  • Protect against any reasonably anticipated threats or hazards to the security or integrity of such information,

  • Protect against reasonably anticipated unauthorized uses or disclosures of ePHI, and

  • Ensure compliance by the workforce.

Which Atlassian products comply with HIPAA rules?

Atlassian is proud to announce that the following products have been assessed by an external auditor as meeting HIPAA safeguards and requirements:

  • Jira Software Cloud

  • Confluence Cloud

  • Jira Service Management


For more information, please visit the Compliance Resource Center.


