What is HIPPA
Health Insurance Portability and Accountability Act (HIPAA) is a federal regulation developed by the U.S. Department of Health and Human Services
Atlassian Platform HIPPA support
Atlassian provides comprehensive privacy and security protections that enable customers to operate Atlassian products in compliance with HIPAA.
In the https://support.atlassian.com/organization-administration/docs/understand-hipaa-compliance-for-atlassian-products/ page. There you will find about how you sign a Atlassian Business Associate Agreement (BAA) with Atlassian and how you would configure the Atlassian Products to safeguard data that Atlassian hold.
Marketplace Apps HIPP support
Marketplace apps are not in scope for the Atlassian signed BAA. Our cloud app JEMHC has no concept of HIPPA data and categorizations that you make on the Atlassian Product, we don’t extract/store data ourselves, the bare minimum information is stored (i.e. email addresses/personal names) for inbound/outbound auditing purposes. JEMHC is a tool, you can use it to extract data from the ‘source’ email content and store in your Jira instance in those pre-defined HIPPA fields.
The https://support.atlassian.com/organization-administration/docs/the-hipaa-implementation-guide/ page states that:
All third-party apps integrated with Atlassian products also need to be operated in a HIPAA-compliant way. This means you must have a signed Business Associate Agreement (BAA) with all relevant third-party apps.
As we see it, enabling HIPPA is done at the Atlassian Product (Jira/Confluence) level in order to apply “protection” to specific typed/identified/tagged data holding entities like Jira Custom Fields, limiting search and (I we expect) remote access from apps like JEMHC.
Summary
As yet we have no specific HIPPA compliance that would enable us to sign a BAA.
Further Information
If you need more, feel free to log a support ticket with us: