Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How can I determine if marketplace apps are HIPAA compliant? BYOK?

Rob Horan
Rob Horan
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 1, 2025

Hello,

I've read  HIPAA implementation post and the Implementation guide and there's no clear process for reviewing apps in advance of adopting or migrating to the cloud.

The only guidance I saw was "Ensure that all third-party applications integrated with Jira and Confluence Cloud are running in a HIPAA-compliant manner"

How does one do that?  The security pages for app listings in the marketplace doesn't call out HIPAA (or BYOK) compliance.

There is an instructional page for tagging apps but that requires you to be in the cloud.

I am looking to assess in advance of adopting cloud.

Answer
Watch
Like Be the first to like this
47 views

1 answer

1 accepted

3 votes
Answer accepted
Walter Buggenhout
Walter Buggenhout
Community Champion
May 1, 2025

Hi @Rob Horan,

As a starting point, check the marketplace listing page for the app and pay specific attention to the Privacy and Security tab out there.

If the information you find there is not conclusive, contact the app vendor for additional details. They should be able to help you out.

Hope this helps! 

View More Comments
Rob Horan
Rob Horan
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 1, 2025

I have looked on these pages but the tab is not very clear. 

What in particular indicates compliance/non-compliance?

Assume I am documenting a process - I go to the app, open the tab and then review the info.  What is the compliance criteria?

Like
Walter Buggenhout
Walter Buggenhout
Community Champion
May 1, 2025

Simply put: if I don't see HIPAA complyance or BYOK mentioned there and I want an assessment, I raise a request with the vendor. It will probably be the fastest way to get a trustworthy answer.

Like Calvin likes this
Walter Buggenhout
Walter Buggenhout
Community Champion
May 1, 2025

And on a side note: if you are assessing apps prior to cloud migration, it is a very good idea to involve app vendors for the apps you're planning to migrate early on, since they can point out things to keep in mind during the migration. Many apps nowadays offer an automated migration path, but in many cases there's manual steps you'll need to consider prior to or post migration in order to get everything over smoothly when you're ready to migrate in production.

Like
Rob Horan
Rob Horan
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 1, 2025

So there's no way to look at the info presented in the tab and get enough information to make a yes/no determination?

Thank you for getting back so quickly!

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.