How does HipChat comply with standards such as SOX, Safe Harbor, HIPAA, Section 508 VPAT accessibility, etc.?
Server / Cloud
- HipChat is not specifically certified to be compliant with HIPAA
- The Section 508 accessibility VPAT for the HipChat web client is available at https://www.atlassian.com/accessibility
- We are actively working to become CSA and SOX certified
- HipChat abides by the TLS protocol
- Although the EU-Safe Harbor act has been struck down, we are still EU-Safe Harbor compliant
- We are working to add SAML support, which in turn will bring 2FA and SSO functionality
HipChat may have many features and aspects that are compliant with the standards mentioned. We therefore recommend trying out the application and reaching out to us about the specific functionality and configurations that you need for your compliance. We will help you address those specific concerns if the functionality is what you are looking for rather than the certification itself.
Here's the breakdown for HIPAA-protected data in Data Center and Cloud:
- If you use an Atlassian product for storage of HIPAA-protected data on your servers behind your firewall, we have no access to your data in any way.
- If you are using the Cloud offering and not storing data that is protected by HIPAA, you're welcome to use our Cloud offering and govern your internal procedure in such a way as not to breach HIPAA regulations
- If you're using the Cloud offering and store HIPAA data, you'll likely be in violation of HIPAA
If you choose to investigate HipChat Data Center as an option, ultimately, we'd still recommend consulting with a Solution Partner to investigate your requirements, how they could be implemented in HipChat Data Center, and what configurations could be customized to fit HIPAA compliance.