Learn about Atlassian organizations
New to administering Atlassian cloud products? Learn about Atlassian organizations and what it means to be an organization admin.
A Business Associate Agreement (BAA) is a written contract between a business associate and a covered entity or another business associate. The BAA outlines the terms and conditions to ensure Protected Health Information (PHI) is appropriately safeguarded. Under HIPAA, Atlassian is considered a business associate. You must have a BAA in place before PHI can be uploaded to our products.
We can sign BAAs for Standard, Premium, and Enterprise plans for Jira, Jira Service Management, and Confluence. Free and trial plans are not eligible to sign BAAs.
To sign a BAA, go to admin.atlassian.com and select Settings > Compliance.
Then, select the Health Insurance Portability and Accountability Act (HIPAA).
Select Sign a BAA.
Provide the following information in the form:
Your legal name
Your email address
Name of signatory
A signatory is any individual who possesses legal authority to bind your organization into legally enforceable contracts
Email address of the signatory
Your organization's physical address
Select Submit. After selecting Submit, we will process your request to sign a BAA and send an email to the signatory containing a copy of the BAA.
The signatory should carefully review and execute the BAA within a 90-day timeframe. Once this period elapses, the link for signing the BAA will no longer be available and you need to reach out to Atlassian Support to complete the BAA process.
After you’ve signed a BAA, you must tag your product and follow the HIPAA Implementation Guide before you upload any PHI into the products. Learn how to tag your products
For Enterprise plans, contact your Atlassian representative to sign a Business Associate Agreement (BAA).
It’s important to remember that HIPAA compliance is a shared responsibility between Atlassian and you. Completing these steps won't automatically guarantee your compliance with HIPAA, you must also ensure that you follow HIPAA best practices.
Was this helpful?