Healthcare?

[DJT 0]

Is Evernote working on a way to be HIPAA compliant with some notebooks? It is very useful to keep information about patients for us home health folks, because it can be easily accessed in patient's homes.

[gazumped 11,652]

It would be unusual for any commercial organisation to focus so specifically on one narrow potential market unless there were obvious potential substantial returns. Evernote's underlying structure is available for any aspiring developer seeing a lucrative niche market to write their own front-end. See the Trunk for some examples of such synchronicity. I'm not Evernote, but I'd be surprised if they're looking at this. Besides - a central database for lots of users is not Evernote's model.

I imagine the HIPAA requirements are mainly security-related - see the other threads around here on the subject. Evernote is secure -within common-sense limits - for a single user, but multiple users in various domestic locations with sensitive (and life-critical data) doesn't seem like a smart development. Besides what do you do if your patient doesn't have a hard line and lives outside mobile signal cover?

[GrumpyMonkey 4,319]

do you have any specific hipaa mandated requirements in mind? like g, my guess is that you are talking about some kind of security features, and if so, evernote is exactly the wrong kind of app for it. the service is built around syncing with its servers. i think it is set up to store an individual's data, not data for other people. i'd be pretty surprised if evernote changed its service to meet the needs of a particular industry. you may already be aware of them, but here are some relevant sites:

http://www.healthline.com/health-blogs/tech-medicine/evernote-doctors-revisited-privacy-issues-and-yet-more-uses

http://33charts.com/2009/10/8-ways-physicians-can-use-evernote.html

[jbenson2 2,147]

Is Evernote working on a way to be HIPAA compliant with some notebooks? It is very useful to keep information about patients for us home health folks, because it can be easily accessed in patient's homes.

Evernote is the wrong software if you need to reach HIPAA compliance.

How do you find a HIPAA-compliant software package?

You can't, because no such thing exists.

It's your organization that's HIPAA compliant, and no software application is going to magically make you that way. HIPAA defines a large set of policies and procedures, many of which have nothing to do with technology. Instead of searching for a "HIPAA-approved" label, you should be looking for software that provides the features suggested by HIPAA guidelines, and that also supports the policies and best practices that your organization has set up to protect your data.

What should you be looking for in a software package? For the most part, vendors that support healthcare nonprofits have already given HIPAA considerations a lot of thought,

One of the clearest HIPAA requirements is that organizations keep an audit log of who did what in the software package. It's important that your package be able to track which person accessed which record (down to the client level) on what date, and whether he or she simply viewed it, updated it, or deleted it.

It's also very desirable to be able to track what each user changed specifically ― for instance, to be able to see the value of a field both before and after he or she changed it.

[GrumpyMonkey 4,319]

i'm no expert here jb, but it would seem to me that hipaa-compliant software exists.

http://www.advancedmd.com/company/terms-policies/hipaa-compliance/

as i understand it, what you mean to say is that health care providers are responsible for following hipaa guidelines. companies adhere to hipaa guidelines so that organizations can use the software in order to comply with hipaa guidelines themselves, but i am not sure if the companies are in any way liable, because they are not the objects of certification.

in other words, my understanding is that health care providers are liable not only for how they handle data, but the third party providers they rely upon to help them. if, for example, some health providers started using evernote, then evernote would not be liable. it doesn't claim to be hipaa-compliant, but even if it did, there is no certification body out there to hold them accountable.

[jon1818 1]

I believe this is something that Evernote should really consider.  I am a psychologist and would love to be able to use Evernote to take notes during my sessions.  Without HIPAA compliance, that is not possible.  Take note though (pun intended), that BOX.COM, which is HIPAA compliant, now has a note taking app in Beta.  I would much rather use Evernote for note taking, but without HIPAA compliance, I am forced to look elsewhere.  

 

I notice this thread is now over a year old, so I am wondering if anyone at Evernote might chime in and provide some thoughts about how Evernote can be used effectively in HIPAA compliant environments, or if there are any plans to move in this direction.

[Jon-t 8]

With their new business offering I think EN needs to consider better security, encryption and compliance. Its difficult to say to a company, pay for our business service and you can store all your data....but not that data, or that data, but you can store that data......ad infinitum

[gazumped 11,652]

With their new business offering I think EN needs to consider better security, encryption and compliance. Its difficult to say to a company, pay for our business service and you can store all your data....but not that data, or that data, but you can store that data......ad infinitum ,  

 

Security - recently improved;  encryption - discussed to death already,  and like compliance - in the hands of the user,  not Evernote.  With what would you like them to become compliant anyway?

 

I don't believe Evernote will comment on this thread because 1) it wouldn't make commercial sense to say "never" and 2) to enforce compliance on a user the product would have to be many times more complicated (and more expensive) and would by definition exclude the majority of users who don;t need to be compliant with anything.

 

Just sayin'..

[89882 0]

I believe this is something that Evernote should really consider.  I am a psychologist and would love to be able to use Evernote to take notes during my sessions.  Without HIPAA compliance, that is not possible.  Take note though (pun intended), that BOX.COM, which is HIPAA compliant, now has a note taking app in Beta.  I would much rather use Evernote for note taking, but without HIPAA compliance, I am forced to look elsewhere.  

 

I notice this thread is now over a year old, so I am wondering if anyone at Evernote might chime in and provide some thoughts about how Evernote can be used effectively in HIPAA compliant environments, or if there are any plans to move in this direction.

 

There's a relatively new iPad app out called Insight Notes (www.insightnotes.com) that addresses this issue.  It might be worth a look.  It doesn't have nearly the bells and whistles that Evernote has (what app does?), but it appears to have been designed for exactly the purpose you are describing.

 

My understanding is that box.com is *potentially* HIPAA compliant, but they will only sign a Business Associates agreement (which is required for covered entities) if you have purchased one of their priciest plans.  At least, that's what box.com told me on the phone.

[WishIWasFishin 13]

If EN was compliant with HIPPA security rules and regs they'd probably promote it, since they don't promote it they're probably not HIPPA compliant.  Again, I'm not EN, but being HIPPA compliant would be a promotional item if that were their niche.  My suggestion to you is that if you need HIPPA compliant software, pay the extra bucks and get HIPPA compliant software.  

[denisewagner 0]

This is possibly one of the most short-sighted discussions I've ever heard on Cloud-based security and encryption standards. I work for the marketing department at an academically based healthcare system in the United States. When I started using Evernote, I was still in commercial real estate fielc. Evernote was my GTD life saver. And then, no more. Had to stop using it, which kills me because it could be so terribly useful for blogging, marketing plans, meeting notes, etc.

 

One forum member wrote in another post, "It would be unusual for any commercial organisation to focus so specifically on one narrow potential market unless there were obvious potential substantial returns."

 

This frankly, took my breath away because healthcare is a narrow market, like the Amazon is a narrow river. 

 

And if it's so "narrow"  why have Box.com, Microsoft OneNote, Huddle.com and Backupify gone HIPPA compliant?  Because when you're HIPPA compliant, all users benefit from tighter encryption and data standards. That and by not supporting the HIPPA compliance requirements of the medical market, those companies realized they were leaving money on the table by turning their backs on close to 8 million healthcare workers in the U.S., which does not count all the back office people like me.  Just think of all the physical therapists, behavioral therapists, psychologists, case workers...hell, even the chaplains, who could make use of this. 

 

Now that Evernote is pursuing the business community and making announcements about app integrations like FileThis which allow you to effortlessly store financial data in the software, Evernote will feel an increasing pressure to deliver more stringent encryption and security standards. It will be such a shame that the company that provided by most engaging UX, best compilation of features and the greatest collection of ancillary products like Post-it and Moleskin, could ultimately lose dominance because it considered itself "too cool for HIPPA" or too arrogant to think that offering a solid encryption and security standard would be important to their customer base. Unless there's a good financial reason why they aren't pursuing HIPPA, which implies some chilling arrangements.

 

I'll give them the benefit of the doubt, and assume their sinning on the side of arrogance (and not strategic information access arrangements), here's some information on HIPPA security information that 2 seconds with a Google search engine turned up.

 

• http://resource.onlinetech.com/encrypting-data-to-meet-hipaa-compliance/
• http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/security101.p

Get with the program.

•  

[gazumped 11,652]

..er,  it should be noted that all the comments here are pure speculation from Evernote users and the company itself hasn't made any comment for or against encryption or professional standards,  which is entirely their normal stance.  They don't do 'arrogance',  just silence...