Yes, OneNote is HIPAA compliant. Also, Microsoft’s business associate agreement (BAA) covers OneNote.
OneNote can be HIPAA compliant, provided the right security features and configurations are used. Physical, technical, and administrative safeguards are available through Microsoft’s cloud services, and they meet the guidelines set by HIPAA.
These security and privacy measures help to prevent unauthorized access of electronic protected health information (PHI). Data stored on OneNote is encrypted, and Microsoft provides user access logs on request.
Notes can be shared with other OneNote users through a network or internet connection. Because Microsoft OneNote offers multiuser collaboration, every participating device must meet all HIPAA compliance standards.
Storing or sharing PHI on the software requires a signed business associate agreement (BAA) with the software provider. The BAA offers contractual assurances of HIPAA-compliant safeguards. Microsoft provides a BAA for many of its products, including OneNote.