Google Workspace and Confidential Email

Many of us in private practice use Google’s Workspace (formerly G-Suite) to manage our email, calendars, and even cloud storage because it’s a cost effective, HIPAA-compliant service. Recently, Google announced that an awesome new feature they had been testing will be coming out of beta in June for all users. They also announced that any G-Suite administrator who wanted to make the service available now could turn it on.

So what is it? And how can it help you and your practice?

Essentially, this service provides you a way to share information via email that is especially tuned to helping avoid important, secret, or confidential information being shared with unintended recipients. To understand why this matters, you have to know that email is inherently insecure. Yes, there are passwords to protect your inbox. Yes, if you have a strong password then it’s harder to get access to your emails. But, email was invented way back when super-strong encryption wasn’t a bit concern. I posted about this a while back so you can read it in more detail if you want. But the basics are that the world’s email system is insecure by default.

That probably sounds scarier than it needs to be because it takes a special kind of person to capture and email from a server and extract useful information from it. But, it’s possible. And, now, it’s more avoidable that ever before.

Gmail’s confidential mode now lets you send information in a way that avoids using the insecure email system as much as possible. When you choose to send a message in confidential mode, Google does a couple of really interesting things. First, it strips out all of the content and attachments from the email and stores them in a super secure way. Second, instead of sending the content to the recipient, it just sends a link to the super secure location where the information is stored. The recipient clicks on the link and is shown the information in a browser rather than seeing it in whatever email program they use.

This means that the confidential information you’re sharing never has to be transmitted over the insecure email network. Instead, it uses the same kind of encryption that your bank website and apps use to make sure that the information is as safe as possible.

There are a three extra layers of security too.

First, they’ve removed the ability to forward, print, or download the attachments. The inability to download attachments is kind of a let down for me. I’d like to be an option in the event that I have to send a confidential file. Imagine being able to send a file in a completely secure way to a client or to another provider rather than faxing. At least for now, downloading attachments isn’t an option. But, it is a great layer of security.

Second, they’ve added the ability to set an expiry date. This information won’t live out there on a server forever; you can choose to have it be deleted on a date and time.

Finally, they’ve also created a whole infrastructure around SMS passwords, almost as a two-factor authentication option. That way, only people who receive the SMS password in addition to the link can view the content.

I’m really happy with this system right now and the only thing that would make it better for me is allowing me to determine whether an attachment can be downloaded. But, I have a workaround for that too.

HOW DO YOU USE IT?

It’s built into both the web version of Gmail as well as the official Google Gmail apps across Android and iOS platforms. There are instructions about how to use confidential mode over at Google’s website that are simple and easy to follow.

This is a great service that can only enhance your HIPAA compliance and protect your client’s confidentiality. I’m looking forward to seeing how Google improves this system over the coming few years.

You can turn this feature on today, even though it’s not slated for official release until later in June. To do so, you’ll need to login to your G-Suite Admin Console. You’ll navigate to Apps > Gmail > User Settings > Confidential Email. Once you’re there, pick the setting that says “Enable Now (beta).” It may take a little while – up to 24 hours in some cases – for the feature to show up for you, But, once it does, you’ll be able to send confidential emails from the web or from your Gmail app.

Next time, I’ll share my work around for sharing documents that users can actually download in a secure way.