Ensuring HIPAA Compliance and Data Security

At Maryland Information Network 211 Maryland Inc., we prioritize the security and privacy of all information entrusted to us. This commitment extends to ensuring that any Protected Health Information (PHI) shared through our systems is handled in full compliance with the Health Insurance Portability and Accountability Act (HIPAA).

Understanding Our Use of Jira for the 211 Care Coordination Patient Referral Portal

To streamline care coordination and enhance the efficiency of the referral process, we utilize Jira Service Management, a secure, cloud-based platform developed by Atlassian. This document outlines how Jira is implemented within our 211 Care Coordination Patient Referral Portal (211 ConnectCare), the measures taken to ensure its compliance with HIPAA, and the steps we take to safeguard the PHI submitted through this system.

Why We Use Jira

Jira serves as the backbone of our referral management system, enabling a centralized, transparent, and efficient process for managing care coordination tasks. By leveraging this platform, we ensure:

• Transparency: Referrals are tracked systematically, allowing providers and organizations to monitor progress in real time.
• Efficiency: Collaboration between healthcare providers, community organizations, and care teams is streamlined, reducing delays and minimizing errors.
• Security: Jira’s robust security architecture is tailored to protect sensitive information, including PHI, in compliance with HIPAA standards.

 

Jira and HIPAA Compliance

Jira, as implemented in our cloud environment, meets the rigorous requirements of HIPAA. Atlassian, the developer of Jira, has adopted industry-standard security measures and offers features designed to align with HIPAA’s Privacy and Security Rules.

Key aspects of Jira’s HIPAA compliance include:

1. Data Encryption: All data is encrypted both during transmission (e.g., via HTTPS) and at rest, using advanced encryption protocols to protect PHI from unauthorized access.
2. Access Controls: Jira employs robust user authentication mechanisms, including multi-factor authentication and role-based permissions, to ensure that only authorized individuals can access sensitive information.
3. Audit Logging: Jira maintains detailed logs of all system activity, providing an audit trail to track access and actions involving PHI, as required under HIPAA.
4. Business Associate Agreement (BAA): Atlassian supports the execution of a Business Associate Agreement (BAA) for organizations that utilize Jira to process PHI. Maryland Information Network, 211 Maryland Inc., has executed a BAA with Atlassian to ensure compliance.

Security Measures in Our Jira Environment

In addition to the compliance features provided by Jira, Maryland Information Network, 211 Maryland Inc., has implemented the following measures to enhance the security and privacy of PHI:

• Secure Cloud Hosting: Our Jira environment is hosted in Atlassian Cloud, which adheres to strict HIPAA and industry security standards, including SOC 2 certification.
• User Training: All personnel accessing the Jira portal receive comprehensive training in HIPAA compliance and data protection protocols to minimize risks associated with human error.
• Continuous Monitoring and Risk Management: We actively monitor our systems for potential vulnerabilities and utilize Atlassian’s advanced security tools to mitigate risks proactively.

User Responsibilities to Maintain Security

While we have implemented stringent security measures, users of the Jira portal play an important role in maintaining the safety of PHI. To ensure compliance and security:

• Only include PHI in designated fields within the portal.
• Access the portal using secure, organization-approved devices and networks.
• Promptly report any suspected security incidents or unauthorized access to our team.

Learn More About HIPAA Compliance and Jira Security

We understand that transparency and education are key to fostering trust and confidence. For additional information, we encourage you to explore the following resources:

• Atlassian Security and Compliance Overview
• Jira HIPAA Compliance Details
• S. Department of Health and Human Services (HHS) HIPAA Guidance

 

Contact Us

If you have any questions or concerns about the handling of PHI within our Jira-based portal, or if you would like to discuss our compliance measures in detail, please contact us at info@211md.org. Maryland Information Network is dedicated to ensuring the security of your data and addressing any concerns you may have.