DISQUS

The Efficient MD: How Doctors Can Use Evernote As A Professional Memory Accessible Anywhere (Part 1 of 3)

  • patandpan · 1 year ago
    I too discovered Evernote and use it as a way to store all my essential reference material. I am a cardiologist who specializes in echocardiography. There are many reference tables, figures and guidelines that I'd like carry around with me at work. Evernote is my perfect companion. The Evernote website is particularly useful when I am not at my own computer. I can quickly update my collection at a different location. My only complaint is that Evernote does not download the physical files into my iPhone and retrieving files using my iPhone tends to be slow. I hope the next version of the software will improve further but it is a great start.
  • Anonymous · 1 year ago
    I love Evernote, but have often been concerned with the security since I don't believe Evernote encrypts the data that is stored on their servers.

    Are you storing any patient specific data, and if so will this impact your HIPPA compliance?

  • Joshua Schwimmer, MD, FACP, FA · 1 year ago
    Re: The Security of Evernote. I was going to address that in the second post of the series, but it's an important point. The premium Evernote service, which is only $5 a month, provides for encrypted transactions with HTTPS. Here's a post from the Evernote Blog regarding security. There are enough safeguards in place to comply with HIPAA:

    Security and privacy are extremely important topics for Evernote users, and for good reason. Evernote would like to provide a single service to manage your memories for many years. To achieve this, we must provide a very high level of system and data security while offering users a variety of choices to manage their own privacy requirements. Here is a high-level overview of some of the ways in which your data is protected by Evernote.

    When you add a note to the service, it is secured like your email would be at a high-end email provider. This means that your notes are stored in a private, locked cage at a guarded data center that can only be accessed by a small number of Evernote operations personnel. Administrative maintenance on these servers can only be performed through secure, encrypted communications by the same set of people. All network access to these servers is similarly protected by a set of firewalls and hardened servers. Your login information is only transmitted to the servers in encrypted form over SSL, and your passwords are not directly stored on any of our systems.



  • Anonymous · 1 year ago
    I am waiting with bated breath for part 2. I can see the potential.
  • Anonymous · 1 year ago
    I love the use of Evernote for medical research data. Perfect. But not so fast on EHR's. There is a lot more to HIPAA than encrypted secure transmission of data. HIPAA wouldn't normally allow you to email yourself an EHR to a private email account no matter how secure. Be sure you know 45 CFR 164 and the penalties before trying this.
  • Joshua Schwimmer, MD, FACP, FA · 1 year ago
    Thanks the last comment on security. I stress that this is a proof of concept only, and I'd value your analysis. Please let us know if information transmitted over Evernote is not in compliance with HIPAA. Thanks.
  • Scott · 1 year ago
    I don't believe it is a HIPAA issue unless you transfer/sync the information over the computer, i.e. to Evernote's database/cloud. If you keep the note/medical information/record local, i.e. on your local hard drive, I don't believe this is considered 'transmission'. HIPAA has to do with transmission of PHI electronically. If you are not transmitting, it is not HIPAA.

    Scott <a href="mailto:Bushey
    scott.bushey@yahoo.com">Bushey
    scott.bushey@yahoo.com



  • Joshua Schwimmer, MD, FACP, FA · 1 year ago
    Scott,

    Thanks for the comment. Even so, if the information is transmitted to Evernote and stored securely, is it in violation of HIPAA?

  • Joshua Schwimmer · 1 year ago
    HIPAA issues are addressed further in parts 2 and 3 of the series.
  • Kevin · 7 months ago
    Hey guys,

    I am an evernote user and an EM guy. Quick point, the Evernote Premium service DOES NOT encrypt your information, it just stores it behind an SSL. The information is stored on the EN servers and moved via the net unencrypted. Theoretically, if their servers were hacked, your information could get out.

    KK
  • scott bushey · 6 months ago
    Forgive me for the delay. My statement still stands. The issue would be if you transfer the info over the web to Evernote's server/cloud. If you were to keep the data local, it would not be a break. The issue would remain as we all know we sync over the web; I don't believe EN has an option to select what exactly is to be synced and not synced. Having said this, I believe the issue is moot.
  • Joshua Schwimmer · 6 months ago
    You can create a "notebook" which has private data which isn't synched. In
    this way, you can use Evernote and still comply with HIPAA.