Jump to content
Sign in to follow this  
Paula P

Evernote for Confidential or Sensitive Data (HIPAA, FERPA, etc.)

Recommended Posts

I would like to expand on this topic, if possible. I can move this to its own topic, if necessary.

 

I am a therapist. I would like to use Evernote to maintain my session notes/journal entries for my clients. I can see that I can encrypt specific text within a note. However, I'd like to be able to add a second level of password (other than my app password) to that section of notes. Or somehow make it separate and somewhat protected. 

 

Do you have suggestions on how to go about doing that? Are there any therapists or others dealing in confidential information that use Evernote for this purpose?

 

Thanks!

Paula

Share this post


Link to post

I would like to expand on this topic, if possible. I can move this to its own topic, if necessary.

 

I am a therapist. I would like to use Evernote to maintain my session notes/journal entries for my clients. I can see that I can encrypt specific text within a note. However, I'd like to be able to add a second level of password (other than my app password) to that section of notes. Or somehow make it separate and somewhat protected. 

 

Do you have suggestions on how to go about doing that? Are there any therapists or others dealing in confidential information that use Evernote for this purpose?

 

Thanks!

Paula

 

If you are a professional/certified therapist, I suspect you would be running afoul of HIPAA by syncing confidential / sensitive information about your clients to Evernote and I would strongly advise against it. Evernote is not HIPAA compliant and they are quite clear about this (see the link below). I don't know enough to speak to say more about HIPAA. I would recommend you talk with colleagues and perhaps legal counsel to make sure the procedures you use to handle patient data are HIPAA compliant.

 

More generally (this applies to everyone, especially people handling others' data), my advice would be to encrypt your local drive (if you are not already--it is quite simple on a Mac), use local Evernote notebooks (these don't sync to the cloud) for confidential information, and be very careful to never sync anything confidential / sensitive to the cloud before applying 128- or 256-bit AES encryption to it.

 

I have more detailed advice on my blog about how I try to stay secure with mobile devices, but in my case (as a teacher dealing with others' confidential / sensitive data) I use a separate app with more security. I am afraid Evernote is (in my estimation) insufficient for handling student data (the FERPA requirements I am subject to are unclear about this and seem to be a lot more relaxed than the HIPAA ones that would presumably apply to you). There is a way to use local notebooks in Evernote (not synced to the cloud) and still have access to them on a mobile device, but it involves using a remote login service (I talk about this a little bit in the link below).

http://www.christopher-mayo.com/?p=1605

 

Evernote has promised to bring us "sexy" encryption in the future at some point, and I am definitely looking forward to that! Perhaps, it will even become HIPAA compliant someday. 

 

[EDIT:] Following your suggestion, I have split this off into its own thread. 

  • Like 3

Share this post


Link to post
Sign in to follow this  

×
×
  • Create New...