Can I use Evernote and be HIPAA compliant?

• Amazon CloudFront
• Apple iCloud
• Apple iMessage
• Box
• Citrix ShareFile
• DocuSign
• Dropbox
• FaceTime
• Google Calendar
• Google Docs
• Google Drive
• Google Forms
• Google Hangouts
• Google Slides
• Google Voice
• GoToMeeting
• Heroku
• Intercom
• Office 365
• OneDrive
• SharePoint
• Slack
• Sonic
• WhatsApp
• WordPress
• Yammer
• Zoho
• Zoom

Today, we will determine if Evernote offers HIPAA compliant service or not.

SEE ALSO: HIPAA Breaches and Cloud Providers

About Evernote

Evernote is an app designed for note taking, organizing, tasks lists, and archiving. Since it's a cloud-based service, Evernote serves as a sync point to keep stuff like text documents, photos, videos and audio files in a central place. Evernote is headquartered 30 minutes south of Paubox in Redwood City, CA.

Evernote and the Business Associate Agreement

We’ve previously talked about how a Business Associate Agreement (BAA) is a written contract between a Covered Entity and a Business Associate. It is required by law for HIPAA compliance.

We checked Evernote's site and found the Evernote Business FAQ page. In it, Evernote states:  

Is Evernote Business HIPAA compliant?

Evernote and Evernote Business are not currently compliant.

Does Evernote Offer HIPAA Compliant Service?

The Business Associate Agreement is a key component to HIPAA compliance between a Covered Entity and a Business Associate. Since Evernote specifically states they are not HIPAA compliant and therefore do not offer a BAA, we conclude they are not a HIPAA compliant service.

Conclusion

Evernote does not meet HIPAA Compliance standards. Do not use Evernote if you are bound by HIPAA regulations.