Problem

How do I ensure that I dont have any PHI (Protected Health Information) or PII (Personal Identifiable Information) in my Jira and Confluence posts?

Solution

Do not post any information that you suspect may be considered PHI/PII in any non-secure locations, such as Confluence or Jira.


  • When in doubt, ask. If you are unsure if something qualifies as PHI or PII, ask before you post it. Once PHI or PII is posted, then it needs to be contained; which is a longer process than not posting it in the first place.
  • PII and PHI should never be exposed in Confluence or Jira at any time.
  • There are many pieces of information that qualify as PHI and PII: and these can be in many formats, including (but not limited to):
    • Excel documents
    • Word Documents
    • PDFs
    • Screen captures (jpg, png)
    • Copy/pasted PHI/PHI information in a Jira issue or Confluence page, such as
      • Credentials/Passwords
      • Health Records
      • Social Security numbers
      • Birthdates


PII PMO Standard Operating Procedure (SOP)

PII Protector for Jira

How To: Report a PII Leak

PII Reference Guide