Google announced that as of June 25, 2019, Gmail will, by default, turn on Gmail Confidential Mode (currently in Beta). Google describes Confidential Mode here , and in this document about how to Protect Gmail messages , but there are some key things you need to understand as a dental office, especially if you use Google as your email host (as most Pro Impressions Marketing offices do).
Google Wants to Protect Users
For a long time, Google has made security a priority and wants to protect the privacy of their users. Years ago, they stopped reporting specific keywords used in Google search except for Google Ad clicks. They also began encrypting their search result pages so that someone (such as a government entity) who was attempting to spy on one of its users would have a difficult time learning what the user was looking up if the user’s Internet connection was tapped. Google Confidential Mode is simply an attempt to take this privacy a step further by protecting email messages from prying eyes.
How Does It Work?How Does It Work?
Gmail Confidential Mode came out in 2018, enabling people to set an expiration date on emails and to prohibit forwarding and printing of messages (no way to prevent copy and paste or screen capture though). Now, it will come standard on all Gmail accounts. For Gmail to Gmail account email messaging (remember, your email with @domain.com can be hosted by Google using Gmail- it doesn’t have to be an @gmail.com account to be a Gmail-hosted email account), the experience in sending and receiving messages is pretty seamless. When you sign into Gmail, and open a Confidential Mode email, the forward and print buttons disappear if those functions have been disabled by the sender, and there’s a notice of the expiration date of the message.
However, if a message is sent via Confidential Mode to a non-Gmail user, the experience is quite different. If you’ve seen a pitch or demo of some of the HIPAA-compliant email services that have been around for a while, they all have a central theme: use of links and logins that access information stored on an encrypted server. Google’s storage of messages have been encrypted for a long time, and Gmail has offered HIPAA-compliance for a while too, including the ability to sign a Business Associate Agreement with Google ( see this guide on how to implement G Suite in a HIPAA-compliant way ).
For non-Gmail users, or for users who use their phones or another email app, Google is using a similar approach to what other companies have done to encrypt messages for compliance purposes. They are, in effect, removing them from users’ inboxes and maintaining the messages on their encrypted servers instead. Under Gmail Confidential Mode, when a user outside of Gmail sends a message, the recipient will receive a link to read the message. When they click on the link, a page pops up that notifies the user that a new email has been sent to the intended recipient with a passcode. In order to read the original message, the user must go back into their inbox, grab the passcode, and pop it into the original message window. The passcode can also be sent via text message. See the video below for a demo of this:
Things to Keep in Mind
Gmail isn’t a perfect email solution, but it’s cost-effective and easy to use. It enables your team to check and manage email from anywhere they have an internet connection. With Gmail Confidential Mode, Gmail becomes as dependable a tool to manage protected health information as any other tool on the market. Before this, we still didn’t recommend that offices spend lots of money on added email protection because that wasn’t an industry standard in dentistry. Google may be changing that now by turning on the availability of Confidential Mode, and Google’s G Suite is available at a fraction of the price of most health care communication tools.
There may be a learning curve for you and for the people who receive your emails once Confidential Mode is turned on. Having to find and enter a passcode is new and can be perceived as more of a pain than it’s worth.
Confidential Mode will not protect you from human error when it comes to HIPAA and protected health information. To the degree that you see that as a problem, you should train your people on how to handle protected health information. We have used YourHIPAATraining.com for this because it’s super easy and inexpensive, but you can also hire in-house training or attend CE courses about the subject.
If you use Google to host your email (if Pro Impressions Marketing is hosting your email, you use Gmail), this feature will be turned on June 25. If you don’t want it after that date, we can turn it off, but it’s probably best to learn to adapt to the features and embrace the new security.