HIPAA (the Health Insurance Portability and Accountability Act of 1996) is U.S. legislation created to improve healthcare standards.
We know the HIPAA industry is vast and that it is important to correctly create notations for proper patient care while remaining HIPAA compliant.
SEE ALSO: HIPAA compliant email
Today, we will determine if Simplenote is HIPAA compliant or not.
Simplenote is a free note-taking app that uses markdown language for text formatting. Developed in 2008 by Simperium, Automattic acquired Simplenote in 2013. Automattic is most known for its contributions to WordPress.
Simplenote sers can easily share, post, store, and search to-do lists, instructions, and notes in a collaborative environment or online. Tags further ensure quick and simple searching.
Simplenote is available for iOS, Android, Mac, Windows, Linux, and from a browser. Notes automatically sync on all devices.
While Simplenote is free, a premium subscription includes automatic backup and notes merging as well as the removal of ads.
Simplenote and the business associate agreement
A major part of HIPAA compliance is ensuring a business associate will sign a business associate agreement (BAA). A business associate is a person or entity that performs certain functions or activities that involves the use or disclosure of PHI.
There is no mention of HIPAA or a BAA on the Simplenote website.
Simplenote and cybersecurity
Simplenote’s website does not include much information and is as streamlined as the product.
- Subsidiaries and independent contractors
- Third-party vendors
- Legal and regulatory requirements
Moreover, the Simplenote developers caution users not to store sensitive information because its storage is not encrypted.
At the same time, they also note that the product uses encryption for data in transit.
Is Simplenote HIPAA compliant?
The BAA is a key component of HIPAA compliance and Simplenote does not appear to have a BAA. Moreover, cybersecurity is lacking and Simplenote states that users should not store sensitive information.
If a breach or HIPAA violation occurs and any PHI is visible, the covered entity is liable.
Simplenote is not HIPAA compliant.