My company is trying to understand whether the HIPAA requirement configuration is for transmission of data via email and push notifications. Atlassian noted that email and push notifications might be redacted to exclude any potential PHI when products like Confluence and JSM are tagged.
With what and how would Atlassian detect PHI to redact it in emails and push notifications?
Is there a way to see what this redaction would look like?
Welcome to the community, @Godknows Agbodo 👋
As mentioned in Atlassian's HIPAA implementation guide, your Atlassian admin(s) is/are responsible for this using Atlassian Automation.
You may wish to consider working with an Atlassian Solution Partner who specializes in this area for assistance from someone who has done this before.
Meanwhile, if you are lucky, an Atlassian customer (peer) who's done this before may chime in. I added some add'l tags to draw the right eyeballs to your question.
I hope this helps,
-dave
You're welcome, @Godknows Agbodo 🙏
If you found this answer helpful and think it might be useful to others with a similar question, please consider using "Accept answer."
-dave
Below is a screenshot of what the default "Public comment edited" notification template looks like when the "safe customer notifications" setting is on. In short, entire variables are redacted (replaced with those black dots in brackets), so there is no smart detection to selectively remove sensitive/restricted information. The affected variables are work item summary, work item description, and work item comment text. The variables are shown with a lock icon in the "Insert variable" menu.
This was a change for my group when we moved to a HIPAA-compliant cloud site, so a lot of our service project administrators have adopted some variation on the template below:
This is not a feature that redacts PHI. It simply changes the notification templates to only display bare bones information “This person made a change to this work item”. Then the recipient has to click the link and authenticate in Jira to access additional information. It’s honestly a fairly huge issue for a small subset of people in our company, as we receive tons of JIRA notifications (that we want!) but having to click links to view the tickets each time has drastically reduced workflow efficiency in some cases. I wish Atlassian would allow orgs to apply HIPAA compliance at the Project level!!