Is Evernote HIPAA compliant?

No, Evernote has asserted that it is not HIPAA compliant. Evernote is designed to make file sharing easier, so it conflicts with the privacy standards of HIPAA.

Evernote doesn’t offer a Business Associate Agreement (BAA). Even though it incorporates some protection features that can prevent unauthorized access, the overall security controls aren’t sufficient to meet HIPAA standards. Evernote can only be used for medical data storage purposes if it’s completely offline and is going to stay offline. The computer that Evernote is set up on should be encrypted in order to prevent unauthorized personnel from accessing the information. Given that its primary purpose is file sharing, Evernote isn’t the ideal solution for handling PHI and shouldn’t be used to store PHI.

Product details

Company Logo

Business Associate Agreement


HIPAA Compliant



Note-Taking Apps

Product description

Evernote is a cloud-based, cross-platform app designed for note-taking and archiving. It allows you to access your notes on your computer, tablet, or smartphone — helping you collect information and keep it organized from any device.


Readers should perform their own research before making the final decision. The information on the Jotform HIPAA Compliance Checker does not constitute official healthcare or legal advice. Jotform is not liable for any damage or liabilities arising out of or connected in any manner with this platform.

If you see any incorrect, incomplete or inaccurate information, please request correction by filling the form below.

Request Correction