We often get asked by customers and prospects about Evernote and their ability to use it in a HIPAA compliant manner.
We know the HIPAA industry is vast so we can empathize with just how many people need to use cloud-based services in this sector.
In previous posts, we’ve covered the following cloud solutions and their capabilities for HIPAA compliance:
- Amazon CloudFront
- Apple iCloud
- Apple iMessage
- Citrix ShareFile
- Google Calendar
- Google Docs
- Google Drive
- Google Forms
- Google Hangouts
- Google Slides
- Google Voice
- Office 365
Today, we will determine if Evernote offers HIPAA compliant service or not.
SEE ALSO: HIPAA Breaches and Cloud Providers
Evernote is an app designed for note taking, organizing, tasks lists, and archiving. Since it’s a cloud-based service, Evernote serves as a sync point to keep stuff like text documents, photos, videos and audio files in a central place.
Evernote is headquartered 30 minutes south of Paubox in Redwood City, CA.
Evernote and the Business Associate Agreement
We’ve previously talked about how a Business Associate Agreement (BAA) is a written contract between a Covered Entity and a Business Associate. It is required by law for HIPAA compliance.
We checked Evernote’s site and found the Evernote Business FAQ page.
In it, Evernote states:
Is Evernote Business HIPAA compliant?
Evernote and Evernote Business are not currently compliant.
Does Evernote Offer HIPAA Compliant Service?
The Business Associate Agreement is a key component to HIPAA compliance between a Covered Entity and a Business Associate.
Since Evernote specifically states they are not HIPAA compliant and therefore do not offer a BAA, we conclude they are not a HIPAA compliant service.
Evernote does not meet HIPAA Compliance standards.
Do not use Evernote if you are bound by HIPAA regulations.