Is Evernote HIPAA Compliant?


Evernote is a cloud-based application that is handy for taking notes, planning projects, making to-do lists, and working together in teams. But can healthcare professionals and doctors use Evernote with ePHI without violating HIPAA? Does Evernote support HIPAA compliance?

Evernote is intended to be an accessible database for many kinds of digital data, including documents, images, video and audio files. One handy feature of Evernote is its ability to quickly synchronize documents and notes across various devices.

Evernote uses a variety of access and security controls, including single sign-on (SSO) and two-factor authentication, to keep unauthorized people from using the application. Evernote encrypts data using AES with a 128-bit key. This feature is available in Evernote for Mac and Windows. The platform runs on Google Cloud, which supports HIPAA compliance.

Are the security features of Evernote described above enough to support HIPAA compliance?
Though the security features described do offer a great level of protection against unauthorized access to information, Evernote’s security is not enough to satisfy all the HIPAA Security Rule requirements. In addition, Evernote doesn’t sign any business associate agreement (BAA).

Therefore, Evernote is not considered HIPAA compliant. It must not be used by covered entities in relation to any PHI. Two alternative applications that healthcare providers can use are Microsoft OneNote and Google Keep.