Suggestion
Resolution: Fixed
In Q1 Calendar year 2022 Atlassian will begin offering HIPAA compliance, including signing BAAs for the Enterprise plans of Jira Software and Confluence. This ticket is intended to track interest in HIPAA compliance (and signed BAAs from Atlassian) for customers for whom the Enterprise plan is not a viable option. More information on Atlassian plans can be found here: https://www.atlassian.com/licensing/cloud
Please also see CLOUD-11064, which tracks the availability of our Enterprise plan for user tiers below 801-1000 users.
Filiberto Selvas
Principal Product Manager, Regulated Industries
- is cloned from: CLOUD-11100 Offer Data Residency feature without Enterprise plan purchase (Closed)
- relates to: CLOUD-11064 Offer Atlassian cloud Enterprise plan subscriptions for user tiers below 1,000 (Reviewing)
- was cloned as: CLOUD-11651 Offer HIPAA for JWM (Gathering Interest)
[CLOUD-11410] Offer HIPAA - BAAs signing without Enterprise plan purchase
How do we get a countersigned copy of the BAA once it is signed and active on our platform?
373ffc7cb4d4 - eligible product listed at the bottom of: https://www.atlassian.com/trust/compliance/resources/hipaa
In reviewing the BAA documentation, there is a comment stating that we will need to follow the implementation guide and ensure that we are only inputting PHI into "HIPAA Qualified Cloud Products." Will you please provide an update on what you would consider those products to be?
fselvas@atlassian.com I was obviously following the instructions in that article as stated. But, I'm glad to inform you all that it appeared yesterday in my account and was able to successfully sign the BAA.
I logged a ticket because I am also not seeing the Compliance option in my settings. My ticket came back with the response that this is being rolled out and some orgs may not see the Compliance option until the end of next week.
We are now offering HIPAA to all paid plans for the supported products. Please go here for more information: https://support.atlassian.com/organization-administration/docs/understand-hipaa-compliance-for-atlassian-products/
9463210ce761 - are you logged in with a user that has Org Admin rights? Only a user with Org Admin rights will be able to access the BAA signing and HIPAA tagging functionality.
If the problem persists, please open a ticket through our support channels.
Hi,
For some reason I don't seem to have the option to sign the BAA. I'm following the instructions in this article but don't have the Compliance button.
Sign a Business Associate Agreement (BAA) | Atlassian Support: https://support.atlassian.com/organization-administration/docs/sign-a-business-associate-agreement-baa/
Hello everybody!
In the last 10 days we began the deployment of expansion of eligibility for HIPAA (Standard and Premium plans for eligible products), and HIPAA Notifications for JSW & JSM. More on the page above, cut & pasting a snippet here:
Editing for clarity: expansion of eligibility is rolled out to 50% of customers as of September 26th PT. Plan is to be rolled out to 100% by the end of the week
>>>>>>>>>>>>>>>
September 2023 Update
We are delighted to announce HIPAA availability for Standard and Premium versions of all HIPAA Eligible products!
We began rolling out this new capability on September 19 2023 and are targeting to make this available to all Standard and Premium customers by the end of the month. This new self-serve experience allows org admins to sign their BAA and tag the appropriate products from within their admin experience (admin.atlassian.com). For more information on how to get started, please visit Understand HIPAA compliance for Atlassian products.
We're also working on the final touches for HIPAA notifications and expect those to be available for Jira Software and Jira Service Management by the end of the month. Confluence is still on target to deliver by the end of the year. If you have any questions about any of these new releases, feel free to comment below.
<<<<<<<<<<
@Filiberto Selvas, I believe we are looking for a date for this to become effective. Please provide that and steps for us to move forward.
Thank you.
I'm really on the edge of my seat here! I'm dying to actually use JSM~!
Hi Filiberto,
Is there any update on this? Will this actually be released by the end of this Quarter, aka in a few days? Fingers crossed it is still on track!
Hello everyone,
We are getting close - currently aiming to expand eligibility for BAA signing to Standard and Premium of eligible products (currently JSW, JSM, Confluence) by the end of September 2023 - in line with: https://www.atlassian.com/wac/roadmap/cloud/hipaa-eligibility-expansion?p=349697da-b8
We will keep you updated.
As we get closer and closer to the end of Q3 2023, I (as well as many others watching this ticket) would appreciate any update you have on allowing BAAs for customers without Enterprise and below 800-1000 Users.
Do you have any updates for us @Filiberto?
Regards,
Dave C.
We are using the Jira Software (Cloud) Standard plan; we would like to sign a BAA for it as well, as we are into healthcare. It would be great if Atlassian could provide a BAA for customers on the Standard plan, especially those who are into healthcare.
Hi Filiberto - very excited about the prospects of HIPAA-supported functionality for Confluence and Jira under a BAA for non-Enterprise plans. I've cross-referenced to CLOUD-11064 and CLOUD-11410, as well as the public-facing roadmap - thanks for the great documentation.
Any updates on timelines for when this will be available? And how do we get in touch with the right point of contact? Is this just through standard sale channels? Finally, it would also be useful to understand anticipated pricing for the BAA specifically.
Hello 3d87e75c2445,
As mentioned above: We are working against the timelines stated in the public roadmap: https://www.atlassian.com/wac/roadmap/cloud/hipaa-eligibility-expansion?&p=349697da-b8
Currently indicating Calendar Q3 2023 as the ETA
Hi Filiberto Selvas - can you clarify your comment from yesterday. Are BAAs now available for JSW, Confluence and JSM for non-Enterprise plans? I see on the roadmap it still says 2023 Q3 but was confused by your comment. Thanks!
Hello 148a11095d90,
Eligible products are listed here, we will continue to add as there is progress: https://www.atlassian.com/trust/compliance/resources/hipaa
Currently BAA is offered for JSW, Confluence and JSM
Thanks for the response, Filiberto.
Will the BAA cover Jira, Confluence, and Bitbucket?
Hello 148a11095d90 and all.
We are working against the timelines stated in the public roadmap: https://www.atlassian.com/wac/roadmap/cloud/hipaa-eligibility-expansion?&p=349697da-b8
As with all things software, these may change, but we are doing our best to keep it on track.
We are a small company and need a BAA with Atlassian for our HIPAA compliance. This is a time sensitive issue for our company.
What is the timeframe on BAAs for non-Enterprise users?
Do we have any timeline on when this will be available? We are looking for the same and in a way forced to evaluate other products since this option is not available for the standard users.
We are a nonprofit healthcare organization; we are looking for HIPAA compliance and nonprofit pricing in both JSM and Confluence, without having to commit to the Enterprise licensing requirements/quantities. This would be very beneficial to us.
2e4b3aabc61a and f669bc56d0b4, you are both clear or already at the level of Cloud Enterprise. If you need HIPAA today please reach out to our sales team through this page: https://www.atlassian.com/software/jira/pricing?&aceid=&adposition=&adgroup=136973854010&campaign=18440774082&creative=639549541112&device=c&keyword=atlassian%20jira%20pricing&matchtype=e&network=g&placement=&ds_kids=p73345564496&ds_e=GOOGLE&ds_eid=700000001558501&ds_e1=GOOGLE&gclid=CjwKCAiA0JKfBhBIEiwAPhZXD_uVM_xXcsKD5V8zluAMohNWHzWGRdkrLqg251Mfs_QSLoqamPnunRoCrb8QAvD_BwE&gclsrc=aw.ds
But if Cloud Enterprise doesn't work for you, we will be making HIPAA available for Standard and Premium as mentioned above: https://www.atlassian.com/wac/roadmap/cloud/hipaa-eligibility-expansion?p=349697da-b8
We are in the same place. We must have a BAA and the ability to email with HIPAA coverage, but we only have about 1,500 users.
Thank you! We are also in the same camp; we need a BAA in place and have far fewer users than 800+.
That's awesome news. Thanks for the update. As with many others, we weren't going to be able to convert to the cloud until then so now we can make the Feb '24 cutoff.
Thanks!
183c05e59acc and a33bbf8cfcb3 - corrected it both here and the community article - calendar year 2023 (@#%# Covid Brain Fog)
Similar to the comment above, you're saying it'll be available Q3-2024, however you stop support February 2024. So are you asking covered entities to be on an unsupported platform for ~6 months, plus the time after that to actually convert over to the hosted platform? Just want to make sure I'm understanding that correctly.
On the road map, it is stated Q3 2023. Is that still correct? We're hoping so as Jira Server's end of life is February 2024. We can't move to the cloud until we have BAAs in place.
For those following this ticket, we posted an update in our Community today: https://community.atlassian.com/t5/Trust-Security-articles/Expand-what-s-possible-with-HIPAA/ba-p/2250357
tldr: Starting in Q3 2023 (CY), HIPAA will be available on Standard, Premium, AND Enterprise plans. The public roadmap will be updated to reflect this information in the next couple weeks.
I know it took long, but I hope this works well for most of you. We will keep you updated as we progress toward that date.
Oh my Phil, that comment had me rolling in the floor. Thank you for providing a useful response on here.
Well Sascha Teller, your comments are about as helpful as Atlassian's have been. So, thanks, I guess.
Welcome to the club @Steve Wilkes. Just so you know, Atlassian has a public roadmap and expansion of their HIPAA offering isn't happening until at least Q2 2023 at the earliest. There's already been a number of delays to this though so any 2023 launch is still not guaranteed. Source: https://www.atlassian.com/wac/roadmap/cloud/hipaa-eligibility-expansion?search=hipaa&p=349697da-b8
We're a midsize software company and are requested to sign BAAs for our Healthcare customers. To be HIPAA compliant we need to sign BAAs with vendors of software that may contain PHI. In the case of a support ticket from a Healthcare customer, ePHI may be present in logs that are uploaded to support and transferred to engineering. We can sign a BAA with our support vendor, but also need to sign with Atlassian as Jira may contain ePHI in attached logs. The Enterprise plan starting at 800 is 3x our current size and makes no sense for us.
We request that either Atlassian reduces the threshold for the Enterprise plan to 250 or less, or makes the Premium plan eligible for BAAs.
If we do not hear by the end of January we will need to look for alternatives.
We made a move to another cloud-based company (ClickUp) who offered a BAA at a much lower user count and has the ability to import items from Jira OnPrem/Cloud into their environment. We didn't plan on waiting around until the 11th hour to find out if Atlassian was going to lower the tiers or not.
We are in the same position as @Frank Gutierrez. We are a non-profit small healthcare provider and therefore eligible for the non-profit licensing. However, Enterprise is not eligible for non-profit pricing. To migrate from server to cloud hosting, Enterprise would need to allow much fewer licenses OR offer HIPAA compliance for lower-level plans in order for JSM to be within reach for small, non-profit healthcare providers.
Due to us not having a clear timeline and due to the time it takes to migrate solutions, we were forced to start looking for alternatives this quarter. We expect to make our decision Q1 of '23 assuming Atlassian will not support HIPAA (at which time reversing the decision will be impractical).
I looked through the comments here and didn't see much mention of what I think is the most important reason to extend HIPAA compliance to lower tier customers: Small healthcare companies are frequently non-profit organizations focused on public health. These businesses provide so many critical services such as residential treatment, geriatric care facilities, crisis services, youth outreach, community clinics, addiction meetings, and mobile healthcare. I would assume that Atlassian would be proud to support these types of businesses.
If nothing else, it would be nice to see HIPAA compliance offered to non-profit healthcare organizations even if they are on lower tier plans.
The 800 user threshold for Enterprise makes no sense at all - the only motive seems to be to extract $$ from customers. Atlassian should either expand HIPAA offering to the cloud version or expand Enterprise to lower user levels.
Thanks Michael and Corbin. Those were on my radar too, and it looks like we can get off the ground pretty quickly. We can export existing work to CSV from Jira and import to OneDesk with CSV too.
Thanks @Michael Caldwell for the suggestion on using OneDesk.
We're exploring FreshService at the moment.
a0dff080f076: for Standard and Premium, following the process outlined in https://support.atlassian.com/organization-administration/docs/sign-a-business-associate-agreement-baa/ will result in a signed copy emailed to you once everything is done.