Organizations that fall under HIPAA regulations face hefty fines for using cloud software that isn’t HIPAA compliant.
Atlas is a teamwork directory to connect the dots across teams, their apps, and work. Atlas automatically aggregates teams, their projects, goals, and knowledge by topic.
Atlas is made by Atlassian.
There’s a primary item to consider when it comes to Atlas and its ability to provide a HIPAA-compliant service.
First, let’s start with a quick recap of terms. The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that protects the privacy of individuals’ personal health information, otherwise known as protected health information (PHI).
As we’ve previously discussed, HIPAA applies to covered entities, which include healthcare providers, health plans, and healthcare clearinghouses. It also applies to business associates of these covered entities. These are entities that perform certain functions or activities on behalf of the covered entity.
A business associate agreement (BAA) is a written contract between a covered entity and a business associate. It is required by law for HIPAA compliance. In the case of Atlas, the service would certainly fall into the category of business associate if it’s servicing customers that would store, process, or transmit PHI on its platform.
We checked the Atlassian site and found:
In a nutshell:
The BAA is a key component of HIPAA compliance between a covered entity and a business associate.
While Atlassian, the company that makes Atlas, will sign a BAA with customers, there are two important caveats:
Conclusion: Atlas is not covered by the Atlassian BAA and is therefore not HIPAA compliant.