Evernote, a cloud notetaking app that syncs across mobile, tablet, web, and computer devices, is one of the most useful and popular methods of note organization available today.  But is Evernote HIPAA compliant?Lots of medical providers and business associates want to know how they can use Evernote while still maintaining HIPAA compliance.

Can I use Evernote to keep track of patient information?

Unfortunately, Evernote is not HIPAA compliant.

By its very nature, Evernote is geared towards easily sharing data.  It syncs your data across your phone and computers, and makes it easy to access everything everywhere.

There’s no way to guarantee the safety of the information that you sync, and there are simply too many windows through which a hacker can break in and gain access to information.

It is absolutely not OK to put PHI on Evernote.

Is there any way I can use Evernote in my practice?

The only way that Evernote can be used in a way that involves any protected information is if the notes are kept completely offline. So, if you were to install Evernote on a PC or Mac under an encrypted account, and then put all of your notes in an offline (and it absolutely MUST be offline), then you wouldn’t be violating any HIPAA guidelines.

Unfortunately, though, under those circumstances Evernote would basically just be functioning as a text editor. You’d be better off using Notepad or Text Edit.  The lack of control over your data in these third-party cloud solutions means that they just aren’t safe for handling PHI.

What are my alternatives?

Google Keep

There’s some exciting news coming out of Google on this front.

google-keep-hipaa-compliantGoogle recently announced that Keep, their Evernote competitor, is covered by their HIPAA Business Associate agreement (BAA).

This means that you can use Google Keep to store PHI, but ONLY if:

  1. You’re using Google’s paid G Suite service, and
  2. You’ve signed a HIPAA BAA with Google.

We help practices just like yours to set up G Suite (and their whole practice) to be HIPAA compliant.

Microsoft OneNote

Microsoft didn’t want to be left behind.  Their OneNote service (their version of Evernote) is also covered by the Microsoft HIPAA Business Associate agreement (BAA).

This means that you can use Microsoft OneNote to store PHI, but ONLY if:

  1. You’re using Microsoft’s paid Office 365 service, and
  2. You’ve signed a HIPAA BAA with Microsoft.

We also help practices like yours to set up Office 365 (and their whole practice) to be HIPAA compliant.

Other Options

You’re only other option is going to be to rely on the note-taking features that are made specifically for healthcare practices.  Most of these are bundled with EMR/EHR systems.  A few we found include PracticeFusion, MyClientsPlus, Carepaths, OfficeAlly, and Emphatic. These products range from specific to all-inclusive, simple to complex, and they are just a few of the many PHI-specific note taking solutions on the market.

Want to make your business more secure?

Evernote definitely isn’t HIPAA compliant, even with their paid versions.  But we help customers to switch to Google Keep or Microsoft OneNote.

Still feeling a bit overwhelmed?

Get some free help!  Check out our free 42-Point Checklist for ways to make your practice HIPAA compliant.

Talk to us!

Have questions or feedback?  Please share them in the comments below.

Like this article?  Share it!