TL;DR

Email is still a universal medium, and everyone uses it. Email is easy to use, but secure it is NOT. You have to choose between security and ease of use, not both!

Enter Google with its Gmail. People got excited about the so-called Confidential Mode, which promised an easy way to make email more private. It lets you add an “expiration date” to emails, and you can revoke access at any time. Once that date arrives, the recipient can no longer view the email. Messages marked as Confidential can’t be copied, forwarded, printed, or downloaded.

Sounds perfect, right? Not so fast. There are a lot of “gotchas” in the new Confidential Mode that you need to know about, and a variety of sources have written scathing reviews on the misleading nature of the feature.

Google’s Confidential Mode for Gmail

Everyone was excited when Google announced the Gmail Confidential Mode. The premise was that there is a large universe of Gmail account users who could be reached by healthcare providers without forcing them to use any new tools or platforms. How accurate is that promise? We decided to dissect the functionality and how it relates to healthcare’s major pain point: staying HIPAA-compliant.


Breaking News

When Google announced the Gmail confidential mode, at first glance it looked like a great feature from the ubiquitous email provider and certainly a game changer. Finally, email could be both secure and easy. Or is it?

Early days at Skyscape in 2002

Gmail Confidential Mode Instructions

Gmail Confidential Mode Features

In a nutshell:

  • Confidential mode disables most of the ways information can be shared accidentally: copy, print, download, and forward.
  • It allows the sender/administrator to set a message expiration date, after which the message is automatically deleted.
  • The sender can revoke the recipient’s access to the mail at any time.
  • A verification system can be set up so that a verification code is sent by text message before the email can be accessed.
  • Messages in this mode cannot be scheduled for later sending, so the sender stays in control of when each message goes out.
  • Gmail processes the mail by removing the message body and all attachments from the email and creating a link to the content. If the recipient also uses Gmail, they will see the whole message as well as the link within the email. If they use a third-party email service, they will see only the link and will have to go through further steps to access the message through it.

But does this mean it’s HIPAA-compliant?

  • Google retains full access to the email even after the deletion timer is set.
  • The verification system allows Google to link the recipient’s phone number to their email address.
  • The data is not secured through end-to-end encryption, either at rest or in transit.
  • One criticism is that a “Google Workspace Admin Help” article states that confidential mode does not prevent users from taking screenshots or photos of the confidential message and attachments. To be fair, this is a problem in any system, so we don’t really hold it against the implementation in this case.
  • Google’s HIPAA implementation guide states that “customers are responsible for determining if they are a business associate (and whether a HIPAA Business Associate Agreement (BAA) with Google is required) and for ensuring that they use Google services in compliance with HIPAA.” This guide is 10 pages long and can be read here. The point is this: if Google is HIPAA-compliant, why does it need 10 pages of instructions for users to become compliant?

Clearly, the points above give no comfort that this is a HIPAA-compliant service. In fact, as many users have pointed out, this is not even an email but a ‘link’ to information saved on Google’s servers. As such, you would have expected the data to be stored in an encrypted format, beyond merely being password-protected. Google has given no assurance that the emails will be deleted from the server after they expire or are revoked.

When both sender and recipient use Gmail, the email appears normal. But recipients who do not use the Gmail app get a link for viewing the email in a browser. There are more comprehensive services, like the Buzz Platform, that provide this feature in a much more comprehensive and consistent manner.


What About the Other Email Provider Options?

None of the other large-scale email providers, such as Apple with its iCloud mail or storage services, mention HIPAA compliance in any of their terms of service or privacy policies.

AOL (remember them?) has E2EE (End-to-End Encryption; see “What does End-to-End Encryption mean (and why should you care?)”) for all data in storage or in transit, 128-bit AES encryption, and advanced hardware protection with T2 security chips. The founder and CEO of Paubox.com, another email provider, states that AOL does not have a BAA between a covered entity and a business associate. A BAA is a requirement for HIPAA compliance. Fantastic security features, but not having a BAA is a deal breaker. These services are all free. What about paid email platforms, and how do they fare as far as HIPAA is concerned?

HIPAA-Compliant Email Providers

There are a few HIPAA-compliant mail providers, like Paubox, ProtonMail, Hushmail, and MailHippo, but they are not free. Here is a quick rundown of each service and its pricing. As always, please check the respective website for the latest details, including pricing.

Paubox has HIPAA compliance along with the HITRUST security standard. Its prices range from $29 to $79.

ProtonMail seems to have the most features suitable for healthcare professionals in terms of E2EE and zero-access encryption, with no ads and no selling of user data. Furthermore, ProtonMail does not use cloud hosting; it runs its own server hardware and network in two very secure locations. ProtonMail includes a signed BAA and is in full HIPAA compliance. You would have to purchase the business package, which most recently costs anywhere from $6.49 to $12.99 per month depending on the options you select.

Hushmail for Healthcare is HIPAA compliant and costs $19.99 per month. It does seem to have limited options, though, such as only 5 encrypted email accounts and webforms. MailHippo has two plans, at $4.95 and $7.95 per month. The limits here are the number of email messages (5,000 and 10,000), storage (5 GB and 10 GB), and file size (50 MB and 100 MB) respectively.

Conclusion

As for Google’s Confidential Mode for HIPAA? Close but no cigar.

Broadly speaking, considering only an email platform for HIPAA is not an optimal approach. It is debatable whether email as a medium should be looked at as a solution for organizations that work across the care continuum and need to communicate and collaborate with care providers, consultants, specialists, therapists, and patients. It is of utmost importance that such healthcare organizations take the time to make sure that the communication methods they use are not only in compliance with the HIPAA rules but also provide their staff with an effective multi-modal platform covering all aspects of their daily workflow and interactions. It is best to look for specialized platforms that enable collaboration in a unified fashion across phone, video, SMS, email, fax, and almost every other conceivable channel in use today.

Buzz from Skyscape is one such communication and collaboration platform that is HIPAA compliant and uses E2EE and zero-knowledge encryption. Additionally, it has been universally preferred by care providers when compared with similar options offered to them (check out the case study). Visit the Skyscape page for a free onboarding option to use features that make communications with the healthcare system easy, efficient, and reliable.

References

Google description of Confidential Mode – Send & open confidential emails (for end users)

Protect Gmail messages with confidential mode – Gmail users can help protect sensitive information from unauthorized or accidental sharing (for administrators)

ComputerWorld article – Watch out for Gmail’s new Confidential Mode. It’s easy and useful, but Google’s new ‘secure email’ is neither secure nor email.

BetaNews article – ProtonMail criticizes Gmail’s confidential mode messages for being neither secure nor private. It says that people “don’t need to settle for fake privacy”, calling the “confidential mode” available in Gmail “misleading” and “little more than a marketing strategy”.