Is Supernote HIPAA Compliant? The Truth About Using Supernote Devices for Protected Health Information
The appeal of Supernote is immediately understandable. Ratta’s e-ink tablet offers something genuinely rare in a world saturated with glowing screens and notification-driven productivity tools: a quiet, focused surface for writing and thinking. The stylus feels natural. The battery lasts for weeks. The interface does not compete for attention with social media alerts, email badges, or algorithmic feeds. For a writer, a researcher, or a professional who simply wants to think in longhand without digital distraction, the Supernote is a compelling device.
Then the healthcare professional picks one up. The physician who spends long hospital shifts documenting patient encounters. The therapist who prefers handwritten session notes for their clinical richness. The nurse practitioner who wants a portable surface for recording observations during rounds. The clinical researcher who needs a distraction-free environment for annotating study protocols and recording field observations. Each of these professionals sees in Supernote exactly what the writers and researchers see - a beautiful, focused tool for capturing thinking - and each begins to wonder whether it could replace or supplement the clinical documentation workflow they already find cumbersome.
That is the moment when the critical question arises: can Supernote handle protected health information safely and lawfully under HIPAA?
The answer, examined carefully and thoroughly, is no. And the reasons extend well beyond a single missing checkbox or a single absent feature. They are structural, architectural, and fundamental to how Supernote was designed, what it was designed for, and what it was never intended to do.
Understanding What HIPAA Actually Requires
Before examining Supernote’s specific shortcomings in the HIPAA context, it is important to understand what HIPAA actually demands from any tool that touches protected health information. The regulation is frequently misunderstood as being primarily about encryption or primarily about passwords. It is neither. HIPAA is a comprehensive framework that addresses the entire lifecycle of protected health information - from creation through storage, transmission, access, modification, retention, and eventual disposal.
The HIPAA Privacy Rule establishes who can access PHI and under what circumstances. The Security Rule establishes the technical, physical, and administrative safeguards that must protect electronic PHI. The Breach Notification Rule establishes the obligations that arise when PHI is compromised. Together, these rules create a compliance environment that touches every aspect of how a healthcare organization handles patient data.
The Security Rule is particularly relevant to the evaluation of any note-taking tool, because it specifies three categories of safeguards that must be in place. Administrative safeguards include risk assessments, workforce training, contingency planning, and information access management. Physical safeguards include facility access controls, workstation security, and device and media controls. Technical safeguards include access controls, audit controls, integrity controls, and transmission security.
Any tool that a healthcare professional uses to create, store, access, modify, or transmit PHI must satisfy all three categories of safeguards. The tool itself does not need to provide every safeguard - some are organizational rather than technological - but the tool must not make compliance impossible by its design. A tool that cannot provide audit logging, for example, makes the audit control requirement unsatisfiable regardless of what organizational policies surround it.
The Business Associate Agreement is the legal mechanism through which HIPAA extends its requirements to vendors. Any vendor that creates, receives, maintains, or transmits PHI on behalf of a covered entity must sign a BAA committing to the same protections that HIPAA requires of the covered entity itself. Without a BAA, the use of a vendor’s tool for PHI handling is a violation of HIPAA regardless of how secure the tool may appear to be.
These are not theoretical requirements. They are actively enforced by the Office for Civil Rights within the Department of Health and Human Services, and the penalties for violation are substantial and well-documented.
Supernote’s Architectural Limitations for HIPAA Compliance
The Absence of a Business Associate Agreement
At the time of writing, Ratta does not offer a Business Associate Agreement for the Supernote product line. This is not an oversight or an omission that will be corrected in a future firmware update. It reflects the fundamental reality that Supernote was designed as a consumer productivity device, not as a healthcare documentation platform. Ratta’s business model, engineering priorities, and product roadmap are oriented toward writers, students, and general productivity users - not toward the regulated healthcare market with its specific legal and technical requirements.
The absence of a BAA means that no healthcare provider can legally use Supernote to handle PHI. This is true regardless of how the device is configured, regardless of what additional security measures the provider implements, and regardless of whether a breach ever actually occurs. The regulation requires the agreement. The agreement does not exist. The analysis could reasonably end here, but the underlying technical limitations deserve examination because they illuminate why the BAA does not exist and why the compliance gap is structural rather than contractual.
Cloud Synchronization as a Compliance Liability
Supernote supports data synchronization through Supernote Cloud, Dropbox, and other third-party services. These synchronization pathways are presented as convenience features - ways to move files between the Supernote device and a computer, to back up handwritten notes, or to import documents for annotation.
In a HIPAA context, each synchronization pathway is a potential compliance violation. Supernote Cloud is operated by Ratta without a BAA. Dropbox in its free and personal tiers does not provide a BAA. Even Dropbox Business, which can be covered under a BAA, requires specific configuration and organizational agreements that the Supernote synchronization workflow does not enforce or verify.
When a healthcare professional syncs a Supernote file containing patient information to any of these cloud services, they have transmitted PHI to a third party without the required legal agreement in place. The transmission may be encrypted in transit - most modern cloud services use TLS for data transmission - but HIPAA’s requirements go far beyond transport encryption. The receiving service must agree to protect the data according to HIPAA standards, must implement the required safeguards, must report breaches, and must return or destroy PHI when the business relationship ends. None of these obligations attach to Supernote’s cloud synchronization partners in the context of Supernote’s consumer product workflow.
The risk is compounded by the fact that synchronization in many note-taking workflows is automatic or semi-automatic. A healthcare professional who enables Supernote Cloud synchronization for the convenience of backing up their personal notes may not realize that clinical notes created on the same device are also being synchronized. The boundary between personal and professional content on a single device is maintained only by the user’s discipline, not by any technical enforcement in the device’s architecture.
The Audit Trail Gap
HIPAA’s audit control requirement exists for a specific and important reason: in the event of a suspected breach, unauthorized access, or regulatory inquiry, the covered entity must be able to demonstrate who accessed what PHI, when they accessed it, what they did with it, and whether the access was authorized. Audit trails are not optional compliance decorations. They are the evidentiary foundation that allows organizations to investigate incidents, demonstrate compliance, and respond to regulatory inquiries with documented facts rather than assertions.
Supernote provides no audit trail capability. The device does not log file access events. It does not record when a note was opened, by whom, or for how long. It does not track modifications with user attribution. It does not maintain access logs that could be reviewed in the event of an incident. It does not provide any mechanism for an administrator to review the history of interactions with any file on the device.
This gap is not a minor deficiency that could be compensated by organizational policies. If PHI exists on a Supernote device and a compliance question arises about who accessed that PHI, there is no device-level evidence to examine. The organization’s compliance response is reduced to asking the user what they remember, which is precisely the kind of undocumented, assertion-based response that HIPAA’s audit control requirement was designed to prevent.
Device-Level Security Shortcomings
Supernote stores files locally on the device, which is sometimes interpreted as a security advantage over cloud-dependent alternatives. Local storage does avoid the cloud-specific risks discussed above, but it introduces its own set of HIPAA concerns that Supernote’s current security architecture does not adequately address.
The device does not provide mandatory encryption at rest at the device level. Files stored on the Supernote are accessible to anyone with physical possession of the device. Handwritten notes containing patient names, diagnostic impressions, treatment plans, or medication details are readable without any authentication barrier if the device is picked up by an unauthorized person.
HIPAA’s physical safeguard requirements specifically address the risk of device loss, theft, and unauthorized physical access. The regulation expects encryption at rest, mandatory authentication before access, automatic screen locking after periods of inactivity, and documented procedures for device loss or theft. Supernote’s security model does not satisfy these expectations at the device level, leaving the covered entity unable to demonstrate the physical safeguard compliance that HIPAA requires.
The multi-user scenario presents an additional concern. In clinical environments, devices are sometimes shared among staff members - a tablet used during one shift may be used by a different clinician during the next shift. Supernote does not provide secure multi-user management with per-user access controls. All content on the device is accessible to any user of the device, which in a shared-device clinical environment means that one clinician’s patient notes could be visible to another clinician who has no treatment relationship with those patients and therefore no legitimate access to their PHI.
Export and Transfer Vulnerabilities
Supernote’s export capabilities allow users to convert handwritten pages to PDFs or images for sharing and backup. This functionality is useful in general productivity contexts but creates significant compliance exposure in healthcare settings.
A clinician who exports handwritten session notes as a PDF creates an unencrypted file containing PHI. If that PDF is transmitted via unencrypted email, copied to a USB drive without encryption, uploaded to a personal cloud storage account, or shared through any channel that does not meet HIPAA’s transmission security requirements, the export constitutes a PHI breach regardless of how securely the original note was stored on the Supernote device.
The export workflow provides no HIPAA-specific guardrails. There is no encryption applied to exported files. There is no access control on the export function. There is no audit logging of export events. There is no mechanism to prevent export of files that have been tagged or classified as containing PHI. The entire responsibility for ensuring that exported PHI is handled appropriately falls on the individual user’s awareness and discipline - exactly the kind of human-dependent safeguard that HIPAA’s technical requirements are designed to supplement.
Data Retention and Disposal Gaps
HIPAA requires documented data retention and disposal policies, and it requires that the tools used to handle PHI support the enforcement of those policies. Patient data must be retained for the period specified by applicable regulations and organizational policies, and it must be securely disposed of when the retention period expires.
Supernote provides no centralized management capability for retention policies. There is no automated deletion of files after a specified retention period. There is no administrative interface for reviewing what data exists on devices across an organization. There is no secure deletion capability that overwrites file content to prevent forensic recovery. All data management is manual, per-device, and dependent on individual user compliance with organizational policies.
In a healthcare organization where dozens or hundreds of clinicians use note-taking devices, the inability to centrally manage data retention means that PHI may persist on individual devices long after its required retention period has expired, and the organization has no systematic way to verify that disposal has occurred. This exposes the organization to liability for both retention failures - disposing of data that should have been retained - and disposal failures - retaining data that should have been disposed of.
The Consequences of Non-Compliance Are Real and Severe
The legal and financial consequences of using non-compliant tools for PHI handling are not hypothetical. The Office for Civil Rights has pursued enforcement actions for exactly the kind of compliance failures that Supernote’s limitations create.
Fines for HIPAA violations are structured in tiers based on the level of culpability. Violations due to reasonable cause but not willful neglect carry fines of one hundred dollars to fifty thousand dollars per incident. Violations due to willful neglect that are corrected within the required timeframe carry fines of ten thousand dollars to fifty thousand dollars per incident. Violations due to willful neglect that are not corrected carry fines of fifty thousand dollars per incident. Annual penalty caps can reach one and a half million dollars per violation category.
Beyond direct financial penalties, HIPAA violations create reputational damage that can be far more costly than the fines themselves. Patient trust, once lost through a publicized data breach, is extremely difficult to rebuild. Professional licensing boards may take independent action against healthcare professionals involved in serious privacy violations. Civil litigation from affected patients can result in damages that exceed regulatory penalties. Insurance carriers may increase premiums or decline coverage for organizations with compliance violation histories.
The critical point is that penalties can be imposed for the mere use of a non-compliant platform, even in the absence of an actual breach. A healthcare organization that stores PHI on Supernote devices without a BAA is in violation of HIPAA regardless of whether the PHI is ever actually compromised. The violation is the use of the non-compliant tool, not the occurrence of a breach. This means that the risk is present from the first moment PHI touches the Supernote device, and it compounds with every additional clinical note created on the platform.
VaultBook: The Architecture That Makes Compliance Natural
The compliance challenges that disqualify Supernote from healthcare use are not minor gaps that a firmware update or a policy workaround could address. They are structural consequences of a product designed for consumer productivity rather than regulated professional use. Addressing them would require fundamentally redesigning the device’s storage architecture, security model, synchronization framework, and administrative capabilities - essentially creating a different product.
VaultBook takes the opposite approach. Rather than attempting to retrofit compliance onto a consumer architecture, VaultBook was built from the foundation with an architecture that makes the most common compliance violations structurally impossible.
Zero Cloud Dependency: The Most Powerful Compliance Decision
VaultBook runs entirely offline. The application operates in the browser and accesses a local folder through the File System Access API. No content is transmitted to any server at any point during any operation. No network request is made during note creation, editing, searching, file attachment, analytical computation, or any other standard workflow operation. The application functions identically whether the device is connected to the internet or completely isolated from all networks.
This architectural decision eliminates the entire category of cloud-related HIPAA risks in a single stroke. There is no cloud service to require a BAA with because there is no cloud service. There is no transmission security concern because there is no transmission. There is no cloud storage access control issue because there is no cloud storage. There is no third-party data handling risk because there is no third party. The compliance questions that consume hundreds of hours of legal and technical review for cloud-connected tools simply do not arise for VaultBook because the technical preconditions for those questions do not exist.
For healthcare professionals who want multi-device access to their vault, VaultBook supports optional manual synchronization through the user’s own chosen tools. The vault folder can be placed inside a Dropbox Business, OneDrive for Business, or organizational file server directory that already operates under the organization’s existing BAA and security controls. The critical distinction is that VaultBook itself never initiates synchronization. The professional controls when data moves, through what channel it moves, and under what compliance framework that channel operates. Synchronization is an explicit, auditable, user-initiated decision rather than an invisible background process.
AES-256-GCM Encryption: Cryptographic Protection That Meets the Standard
VaultBook’s per-entry encryption uses AES-256-GCM, which is the Advanced Encryption Standard with a two-hundred-fifty-six-bit key in Galois/Counter Mode. This is not a proprietary encryption scheme or a simplified consumer-grade cipher. AES-256-GCM is the encryption standard used by intelligence agencies, financial institutions, and military communications systems worldwide. It provides both confidentiality - preventing unauthorized reading of content - and authentication - ensuring that encrypted content has not been tampered with.
Key derivation uses PBKDF2 with one hundred thousand iterations of SHA-256. Each encryption operation generates a random sixteen-byte salt and a twelve-byte initialization vector: the salt makes the derived key unique to that entry even when the same password protects several entries, and the fresh initialization vector ensures that GCM never encrypts two entries under the same key and nonce pair. This prevents the class of attacks where an adversary who compromises one encrypted entry can use the same key to decrypt other entries.
The encryption is per-entry rather than per-vault. Each protected note has its own independent encryption derived from its own password. There is no master key that unlocks all encrypted content. There is no recovery mechanism that could provide third-party access. There is no server that holds any part of the key material. The decrypted plaintext exists only in browser memory while the note is being actively viewed or edited, and is never written to persistent storage in unencrypted form.
Session password caching prevents the application from repeatedly prompting for the password during a single working session, preserving clinical workflow fluidity without compromising the security architecture. When the clinician steps away, the lock screen provides a full-page blur overlay with complete pointer-event blocking and user-selection prevention, ensuring that vault contents are visually and interactionally inaccessible until the password is re-entered.
For the healthcare professional, this encryption architecture means that even if the physical device is lost or stolen, encrypted entries remain cryptographically inaccessible without the password. This directly addresses the device-level security gap that makes Supernote unsuitable for PHI - the gap between local storage and actual protection of stored content.
Deep File Indexing: Every Clinical Document Becomes Searchable
Healthcare documentation does not live only in note text. It lives in attached PDF lab reports, in Excel spreadsheets tracking patient metrics, in PowerPoint presentations from clinical conferences, in Outlook emails from referring physicians, in scanned documents from paper-based intake processes, and in archived files from prior documentation systems. A clinical knowledge management tool that can only search note text while leaving attached documents as opaque, unsearchable files fails the clinician whose critical patient information is distributed across document types.
VaultBook’s deep attachment indexing extracts searchable text from virtually every document format that healthcare professionals encounter. PDF text layer extraction via pdf.js handles lab reports, referral letters, clinical guidelines, insurance correspondence, and regulatory documents. XLSX and XLSM text extraction via SheetJS handles patient tracking spreadsheets, outcomes data, staffing schedules, and formulary references. PPTX slide text extraction via JSZip handles presentation materials from grand rounds, case conferences, continuing education sessions, and departmental meetings. ZIP archive contents indexing handles compressed collections of documents. MSG parsing extracts subject lines, sender information, and body content from Outlook email files and indexes their attachments in the same depth, making preserved clinical correspondence fully searchable within the vault.
OCR of embedded images extends this indexing to visually encoded clinical content. Images inside ZIP archives, images embedded inside DOCX and XLSX files, and the rendered pages of scanned PDFs - the kind of PDF that contains page images rather than a text layer, common in legacy medical records and faxed documents - are all OCR-processed, so that even scanned clinical documents become searchable text. This means that a radiology report containing embedded imaging thumbnails, a discharge summary scanned from a paper chart, or a clinical photograph with annotation text becomes fully searchable within the vault.
Inline OCR processes images within entries automatically, extracting text that is cached per item and indexed for search. A clinician who pastes a photograph of a whiteboard from a case conference, a screenshot of a lab result from the EHR, or an image of a handwritten specialist consultation note gains searchable text content within the vault without any manual transcription step.
All indexing operations run locally within the browser on the clinician’s device. No document content is transmitted to any cloud OCR service, any cloud indexing system, or any external text extraction API. The patient’s lab reports, referral letters, clinical photographs, and specialist correspondence remain within the vault throughout every indexing operation.
The QA Search System: Clinical Intelligence at Your Fingertips
Finding the right clinical information at the right moment is not an abstract convenience - it is a patient safety issue. The clinician who cannot locate the allergy documentation for a patient about to receive a new medication, the therapist who cannot find the session notes documenting a prior crisis intervention, the researcher who cannot retrieve the adverse event report from a clinical trial - each faces a situation where the inability to retrieve information has direct consequences for patient care.
VaultBook’s Ask a Question feature provides natural-language query capability with a weighted scoring system designed to surface the most clinically relevant results first. Titles carry a weight of eight, making them the strongest retrieval signal. Labels carry a weight of six, reflecting their curated categorical significance - a label like “cardiology” or “adverse-event” or “urgent-follow-up” has high informational value. Inline OCR text carries a weight of five, ensuring that content extracted from clinical images is highly discoverable. Body and details content carry a weight of four. Section text carries a weight of three. Main attachment names and content carry a weight of two, and section attachment content carries a weight of one.
Paginated results with six entries per page and navigable controls prevent information overload while ensuring comprehensive access. Attachment text warm-up automatically loads indexed text for the top twelve candidate results, ensuring that content buried inside attached documents is available for scoring without requiring the clinician to wait.
Typeahead search provides real-time dropdown suggestions as the clinician types, searching across titles, details, labels, attachment names, and content. Query suggestions from history surface past queries based on the clinician’s search patterns, supporting the recurring information needs that characterize clinical work - the same diagnostic criteria consulted repeatedly, the same treatment protocols referenced across similar cases, the same formulary entries checked for each new prescription.
Vote-based reranking allows the clinician to upvote or downvote search results, creating a relevance engine that adapts to the clinician’s own priorities over time. Results that the clinician consistently finds useful rise in ranking. Results that are technically relevant but not clinically useful are deprioritized. This creates a search experience that becomes more accurate with use - and all of the learning happens locally, with votes stored in the local repository and never transmitted to any external service.
Related Entries surface contextual similarity suggestions when browsing an entry. A clinician reviewing a patient’s current treatment plan might see related entries suggesting the initial assessment, the referral documentation, or a similar case from the past. The suggestions can be upvoted or downvoted to train relevance, creating an increasingly accurate map of the clinician’s knowledge structure that exists entirely within the local vault.
Smart Label Suggestions analyze entry content and suggest relevant labels, presented as pastel-styled chips with frequency counts. A clinician writing a note about a diabetic patient’s medication adjustment might receive automatic suggestions for labels like “endocrine,” “medication-change,” and “follow-up-required” - accelerating the categorization that makes future retrieval efficient.
Organization That Matches Clinical Thinking
Clinical knowledge is inherently hierarchical and multidimensional. A physician’s knowledge base naturally organizes by patient, by condition, by treatment approach, and by temporal phase simultaneously. A single clinical encounter might be relevant to a specific patient’s longitudinal record, to a diagnostic category for reference purposes, to a treatment protocol under evaluation, and to a research question under investigation. Note-taking tools that force knowledge into a single flat organizational dimension cannot represent the way clinical thinking actually works.
VaultBook’s Pages provide hierarchical notebook organization with nested parent-child trees, disclosure arrows for navigation, drag-and-drop reordering, and context menus for management. A physician might create top-level pages for each clinical specialty area, with nested child pages for specific conditions, and further nested pages for treatment protocols within each condition. The organizational depth is unlimited and adapts to the complexity of the clinical domain.
Labels provide a cross-cutting categorical dimension that operates independently of the page hierarchy. Color-coded label pills in the sidebar enable instant filtering by any combination of clinical categories. A cardiologist might organize by page hierarchy according to patient or condition while labeling entries by urgency level, treatment phase, study enrollment status, or insurance authorization stage. The two organizational dimensions - hierarchical and categorical - work together to provide the multidimensional navigation that clinical knowledge requires.
Sections within entries provide sub-entry structure with independent titles, rich text bodies, and independent attachments. Each section collapses and expands as an accordion with clip count badges indicating attachment density. A clinical encounter note might contain sections for chief complaint, history of present illness, review of systems, physical examination, assessment, and plan - each with its own formatted content and its own attached documents, all organized within a single entry that represents the complete encounter.
The rich text editor provides the formatting that clinical documentation demands. Bold, italic, underline, and strikethrough handle emphasis and conventions. Ordered and unordered lists support structured clinical content. Headings from H1 through H6 enable hierarchical document organization. Tables with size picker and context menu operations handle clinical data presentation - medication lists, lab value tracking, differential diagnosis tables. Code blocks with language labels support clinicians who work with clinical informatics, scripting, or data analysis. Callout blocks with accent bars and title headers provide visual emphasis for critical findings, important warnings, or urgent follow-up items. Markdown rendering supports clinicians who prefer structured plain-text writing.
Inline hashtags within entry content auto-generate Kanban Board columns, creating visual workflow management for clinical processes. A clinician tracking patient cases through stages might use hashtags like #initial-assessment, #awaiting-labs, #treatment-active, #follow-up-scheduled, and #case-closed. The Kanban Board automatically generates columns from these hashtags and distributes entries accordingly, providing a visual pipeline view of clinical caseload without any manual card creation or status updating.
Favorites provide a dedicated quick-access panel for frequently consulted clinical references - formulary entries, dosing calculators, diagnostic criteria, institutional protocols, or active patient summaries that need to be referenced multiple times daily.
The sidebar time tabs surface entries along the temporal dimensions that matter most in clinical work. The Recent tab shows recently modified entries - the patients seen today, the notes updated this shift. The Due tab shows entries with upcoming due dates - follow-up appointments, lab recheck dates, prior authorization deadlines. The Expiring tab highlights entries approaching expiry - time-sensitive clinical data, expiring referrals, or documentation that requires periodic review and renewal.
Pagination with configurable items per page keeps the interface responsive regardless of how large the clinical vault grows. A clinician with years of accumulated patient documentation navigates efficiently through a vault of thousands of entries because the pagination system presents manageable pages rather than overwhelming scrolls.
The Complete Built-In Tools Suite: Clinical Workflow Without Leaving the Vault
VaultBook’s built-in tools handle the professional workflow tasks that arise alongside clinical documentation, keeping sensitive patient information within the private vault rather than requiring context-switching to external applications with their own compliance implications.
The File Analyzer handles CSV and TXT data files locally - useful for analyzing patient outcome data, reviewing lab exports, or examining clinical trial datasets without uploading sensitive data to external analytics services. The Kanban Board auto-generates from vault labels and inline hashtags, providing visual caseload management directly from clinical notes. The Reader tool manages RSS and Atom feeds with folder organization, bringing clinical journal monitoring and medical news tracking inside the vault. The Threads tool provides chat-style sequential capture for real-time clinical documentation - shift handoff notes, rapid observation sequences during procedures, or time-stamped documentation during clinical events. The Save URL to Entry tool captures clinical web resources as vault entries.
The PDF Merge and Split and PDF Compress tools handle document operations that clinicians encounter daily - combining multi-page lab reports, splitting composite clinical documents, or compressing scanned records for efficient storage. The MP3 Cutter and Joiner handles audio editing for clinicians who record verbal notes, dictation, or patient-consented session recordings. The File Explorer navigates vault attachments by type, entry, or page - finding all attached PDFs across a patient’s record, for example. The Photo and Video Explorer scans media folders for clinical photographs and procedure documentation. The Password Generator creates strong credentials locally for the various clinical systems that healthcare professionals must authenticate to. The Folder Analyzer provides disk space and file size visibility for managing vault storage. The Import from Obsidian tool migrates existing markdown-based clinical notes directly into the vault structure for clinicians transitioning from other documentation tools.
Every tool operates within the vault’s local architecture, and no clinical content processed by any built-in tool is transmitted to any external service. The two tools that exist to fetch content are the only ones that talk to the network at all: the Reader retrieves the feeds it is subscribed to and Save URL to Entry retrieves the page being captured, so the outbound request discloses the address being fetched and nothing from the vault. Everything else resides in the vault, private, offline, and under the clinician’s own control.
Version History: The Clinical Audit Trail
Clinical documentation has specific version control requirements that general note-taking tools rarely address. When a treatment plan is modified, the prior version must be preserved for the clinical record. When a diagnostic impression evolves as new information becomes available, the progression of clinical thinking must be documented. When a medication order is changed, the history of prior orders must remain accessible for safety review.
VaultBook’s version history creates per-entry snapshots stored in a local versions directory with a sixty-day retention period. The history interface presents versions from newest to oldest in a modal accessible through the clock button on entry cards. Each version is a complete snapshot of the entry at the point of save.
The version files are standard markdown, readable with any text editor without requiring VaultBook to be running. They are independently archivable, independently portable, and independently producible for medical records requests, legal proceedings, or regulatory audits. Two properties matter when mapping this to the documentation requirements that HIPAA and medical records regulations impose. The history records what an entry said at each save and when, which is locally stored, auditable evidence of how clinical documentation evolved over time; it is a change history rather than an access log, so it does not by itself record who viewed an entry. And because the versions directory is pruned after sixty days, any snapshot that must remain producible beyond that window has to be copied into the organization’s retained archive before it ages out.
Analytics, Timetable, and Advanced Navigation
VaultBook’s analytics provide intelligence about the composition and usage patterns of the clinical knowledge base - computed entirely from local repository metadata and visible only within the vault. The basic analytics sidebar shows total entry count, entries with attached files, total file count, and total storage size. Strength metric pills provide health indicators with expandable detail views.
The four canvas-rendered analytics charts offer deeper insight. The Last Fourteen Days Activity line chart reveals documentation rhythm. The Month Activity chart extends this to three months. The Label Utilization pie chart shows how clinical categories distribute across the vault. The Pages Utilization pie chart shows entry distribution across organizational areas. File type breakdown chips show the composition of the attached clinical document corpus by format. All analytics are computed locally and visible only to the clinician.
The Timetable provides day and week calendar views with a scrollable twenty-four-hour timeline and disk-backed persistence. Integration with the AI Suggestions carousel surfaces upcoming scheduled events alongside contextually relevant vault content. The Timetable Ticker in the sidebar shows upcoming events at a glance.
Multi-Tab Views allow multiple entry list tabs open simultaneously, each maintaining independent page filter, label filter, search state, and sort configuration. The clinician cross-referencing a current patient’s documentation against a similar prior case, or reviewing treatment protocols alongside active patient notes, navigates freely across concurrent views without losing context.
Advanced Filters provide compound query dimensions - by file type with match-any or match-all logic, by date field and date range. The clinician who needs all entries with attached PDFs modified in the last thirty days carrying a specific clinical label produces that precisely targeted view in a single filter operation.
The Random Note Spotlight surfaces a randomly selected vault entry hourly, occasionally rediscovering a forgotten case study, a prior clinical protocol, or an archived reference that proves relevant to a current clinical question.
AI Intelligence That Respects Clinical Privacy
VaultBook’s AI Suggestions feature uses a four-page carousel that surfaces contextually relevant clinical content based on the clinician’s own usage patterns. The first page shows suggestions based on upcoming scheduled entries and weekday reading patterns - which clinical references and patient records the clinician tends to access on the current day of the week over the preceding four weeks. The second page shows recently read entries with timestamps for continuity of attention across shifts. The third page shows recently opened files and attachments. The fourth page shows recently used tools.
The intelligence learns the clinician’s personalized relevance distribution across their clinical library. Over time, the suggestions become attuned to clinical working patterns - which patient cases receive attention on which days, which reference entries are consulted most frequently in which clinical contexts, which files are accessed alongside which notes. This is genuine personalized clinical intelligence, and it runs entirely within the browser on the local device. No clinical usage pattern, no patient record access behavior, and no relevance signal is ever transmitted to any external service.
The Storage Architecture: Transparent, Portable, and Auditable
VaultBook’s storage architecture is deliberately transparent. The vault is a local folder. The repository state lives in a single repository.json file that is human-readable JSON. Entry bodies are stored as sidecar markdown files readable with any text editor. Attachments are stored as files with a JSON manifest. Version history snapshots are standard markdown files.
Every piece of data that VaultBook stores is in a standard, open format that can be read, inspected, backed up, versioned, and migrated without VaultBook running. The clinician who needs to verify exactly what their vault contains can open repository.json and read it. The clinician who needs to back up the vault can copy the folder. The clinician who needs to produce documentation for a records request can export the relevant files directly. The organization that needs to audit documentation practices can examine the vault contents with standard file system tools.
The save system uses autosave with dirty-flag tracking and debouncing: edits mark the entry dirty and the write is issued once typing pauses rather than on every keystroke, supplemented by a manual save button. A concurrent-write guard prevents data corruption from overlapping save operations. The status badge with sync indicator confirms save state, and the close confirmation dialog prevents accidental loss of unsaved clinical documentation.
The Comparison That Matters
The comparison between Supernote and VaultBook for clinical use is not a comparison between two similar products with different feature sets. It is a comparison between a consumer device designed for general productivity and a professional knowledge management system designed with architectural properties that make clinical privacy and compliance achievable.
Supernote stores files locally without encryption at rest. VaultBook encrypts with AES-256-GCM using PBKDF2 key derivation at one hundred thousand iterations.
Supernote syncs to cloud services without BAA coverage. VaultBook never transmits data to any server and supports optional manual sync through the organization’s own compliant infrastructure.
Supernote provides no audit logging. VaultBook’s version history provides per-entry snapshots that document the complete evolution of clinical records in open, auditable formats.
Supernote provides no administrative controls for data retention or disposal. VaultBook’s expiry dates and lifecycle management features support documented retention policies.
Supernote provides no deep document search. VaultBook indexes the full text of PDFs, spreadsheets, presentations, emails, and archives, with OCR for scanned documents and embedded images.
Supernote provides handwriting capture with basic organizational tools. VaultBook provides a complete clinical knowledge management environment with hierarchical organization, multidimensional categorization, intelligent search, AI-powered suggestions, thirteen built-in professional tools, advanced analytics, scheduling, multi-tab navigation, and compound filtering.
In every dimension relevant to clinical use - security, compliance readiness, organizational depth, search capability, document handling, analytical insight, and workflow completeness - VaultBook provides the stronger solution by architectural design rather than by incremental feature addition.
The Professional Standard
Supernote is a beautifully designed device. Its e-ink display, its distraction-free interface, and its handwriting experience are genuinely excellent for their intended purpose. For journaling, for creative writing, for reading and annotating documents that contain no protected information, for personal note-taking that carries no regulatory obligations, Supernote is a fine tool.
But healthcare documentation is not personal note-taking. It carries legal weight, regulatory obligations, and ethical duties to patients whose most sensitive information is entrusted to the clinician’s care. The tool that handles this documentation must meet a standard that consumer productivity devices were never designed to reach.
VaultBook meets that standard. Fully offline. Locally encrypted with per-entry AES-256-GCM. Transparent storage in open formats. Deep document indexing across every common clinical file type. Intelligent search that adapts to the clinician’s practice patterns. A complete suite of built-in professional tools that keep clinical workflows within the private vault. Version history that provides auditable documentation evolution. Analytics that provide practice intelligence without external exposure. And an architecture that makes the most common compliance violations structurally impossible rather than merely procedurally discouraged.
When patient data is at stake, the choice is not about preference. It is about obligation. VaultBook is built for professionals who understand that obligation and refuse to compromise on it.
Your patients’ data deserves protection. VaultBook is built to provide it.