I am evaluating different support platforms for my Healthcare organization. The intention is to use the platform with external and internal users, and the platform should be HIPAA compliant with all the required guidelines of encryption with data in transit and data at rest.
I've looked into the different modules with JIRA but none of them seem to be concrete enough to support HIPAA compliance.
Has anyone used JIRA for Healthcare? How were you able to use JIRA and be HIPAA compliant?
Hi,
There are no ITSM tools that are HIPAA compliant as per my knowledge. The tools need to be tuned and configured to be compliant with Standards for Privacy of Individually Identifiable Health Information and all the security policy as per HIPAA.
The controls that HIPAA requires in case of physician order entry (CPOE) systems, electronic health records (EHR), and radiology, pharmacy, and laboratory systems need to have all the security controls in place. Any ITSM tools with all the controls that adhere to the above point will be easy to use and be compliant with.
Yes, our company (Isos Technology) has helped a number of organizations implement JIRA for the purposes of tracking clinical trials, mobile healthcare applications, and other PHI related implementations. It's not compliant out-of-the-box, but HIPAA compliance can be implemented in JIRA in an elegant way. If you have more questions or would like to discuss details, please reach out to us... www.isostech.com.
Kindly review the product ManageEngine. It covers complete IT Helpdesk functionality with Add-on for GRC, HIPAA requirements;
www.manageengine.com/products/eventlog/eventlog-compliance.html
www.manageengine.com/products/eventlog/hipaa-compliance-reports.html
The app is not HIPPA compliant out-of-box, but you could get it there by hosting a server (not the cloud product) in a secure environment on the other end of a VPN. It would styme some of the interoperability (like the mobile app), but could work.
We plan on using it with external physician offices or labs logging issues with patient orders and/or results. The company should also be willing to sign our BAA or have a BAA that we would sign. In terms of specs, we need the data fully encrypted from at rest to in transit.
One of the best helpdesk software packages on the market currently, fully compliant with HIPAA is ServiceNow. They have a light and a full version. Although they work only in the cloud, there environment is able to be completely encrypted (or parts of it). Many banks and financial institutes are making use of ServiceNow. Also Agfa-Healthcare, a huge worldwide company with many hospitals as customers, is making use of ServiceNow.
Have a look at www.servicenow.com for more info about this tool.
From my investigations it appears that JIRA Service Desk is NOT HIPAA compliant.
What aspects of the IS HIPAA spec are you worried about JIRA violating? Are you intending to use it as a patient-facing solution, or internal for developers?