Is Evernote HIPAA Compliant?


Evernote is a useful cloud-based tool for taking notes, making to-do lists, planning projects, and collaborating with team members. However, is it acceptable for physicians and other healthcare professionals to use Evernote in connection with ePHI without breaking HIPAA Rules? Is Evernote HIPAA compliant?

Evernote has been designed to serve as a readily accessible repository for a wide range of digital information, such as documents, photos, audio and video files. A key feature of Evernote that makes it very handy is its ability to instantly synchronize files and notes across multiple devices.

Evernote has a range of access and security controls, which include two-factor authentication and single sign-on (SSO) to stop unauthorized use of the application. Both Evernote for Mac and Evernote for Windows Desktop use encryption to keep data secure. In-note encryption uses an AES 128-bit key. The platform runs on the Google Cloud, and Google does support HIPAA compliance.

Is Evernote HIPAA Compliant?

Do the previously mentioned security features make Evernote HIPAA compliant? Although these features do provide a good degree of protection against unauthorized data access, security is not sufficient to meet all the requirements of the HIPAA Security Rule at this time. Additionally, Evernote doesn’t offer healthcare organizations a business associate agreement (BAA).

Consequently, Evernote cannot be considered HIPAA compliant. HIPAA covered entities should therefore not use Evernote in association with any PHI.

Alternative solutions are available to healthcare providers, two of which are Google Keep and Microsoft OneNote.



About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: