Did you get the news from Google saying you can activate “confidential mode” for your GSuite account? We sure did!
Now, we can hear the furious tapping of keys in all the therapist social media groups and listservs talking about getting rid of all their other secure email services and relying just on Gmail’s confidential mode. Before you do that, however, let us take you through some of the ups and downs of GSuite Gmail’s confidential mode!
What is GSuite Gmail Confidential Mode and How Does It Work For Therapists?
First, we need to clarify a vital point:
GSuite Gmail confidential mode is very different from the confidential mode on your personal, free Gmail account. Free Gmail has had confidential mode available for quite some time. It isn’t appropriate for us because free Gmail doesn’t do Business Associate Agreements. GSuite, the paid version of Google’s services, will do Business Associate Agreements. Thus, therapists are able to use it in our practices. This makes GSuite Gmail confidential mode exciting for us.
We now present our main findings in bullet list form:
- GSuite Gmail confidential mode is great for sending messages and attachments.
- It can be bad for receiving messages or attachments, depending on what you need them for, and how you use what you’re receiving. (more below)
- It does prevent bad guys on the Internet from viewing the contents of messages and any attachments. The method of hiding these messages does meet HIPAA standards (remember: you still need a BAA with Google for it to matter).
- If you use confidential mode, you really need to have at least the middle tier of GSuite, aka the “Business Tier.” (more below)
- Confidential mode is not so great for having conversations (i.e. “mutual communications.”)
- When sending client info by confidential mode, you need to know the phone number that the recipient should use to safely receive a security code for opening your message.
- Just like other escrow-style secure email services, confidential mode still exposes your email address and the subject line of your message. It only hides the body of the message and any attachments.
- Like most privacy-focused services, confidential mode has a bias towards destroying messages. Destroying messages is generally bad for health care pros.
Maintaining Availability of PHI
If you’re an ethics and HIPAA nerd like Roy is, you know very well that a big part of our professional duty around client information is that we must maintain its availability. That means keeping information around until that magic moment when the licensing board permits us to destroy it.
Confidential mode works like the real classic style of escrow secure email. That means that confidential mode messages always expire — you can’t turn that off! They even expire from your own “sent” folder!
The only remedy Google gives us is the Vault. Google Vault is a feature of middle- and upper-tier GSuite accounts which is intended to ensure that you don’t lose any data. In other words, it’s great for our needs here.
Vault will retain any messages you send using confidential mode. *phew* But that does mean you need the middle tier of GSuite.
Here’s the rub, though: if someone sends a message to you using confidential mode, your Vault cannot retain what they sent you! It will be lost forever from your Gmail account as soon as it expires!
“No problem, Roy,” you may be thinking. “People don’t send me confidential messages. They just reply to the confidential messages that I send to them. Problem solved.”
Unfortunately, Gmail confidential mode doesn’t work that way. Other escrow secure email services — e.g. Hushmail, LuxSci, Paubox, etc. — will let people reply to your secure messages right in the place where they read them. These replies stay in your account. Gmail’s confidential mode does not provide a reply function.
“Aha!” I hear you saying. “I’ve used confidential mode before and there totally is a reply button at the bottom of the message!”
When someone receives your confidential mode message using their own Gmail account, they will indeed see a “reply” button below your message. This is not the kind of “reply” you’re used to, though. Usually, replying to an email is like taking a paper note that someone passed to you, writing your reply below their message on the same piece of paper, and then passing it back.
Confidential mode doesn’t let you do that. When someone hits reply on a confidential mode message, Gmail will generate a brand new confidential mode message for the person replying to you. And when you receive that message from them, your GSuite Vault will not retain the message you just received and the message will expire from your Inbox when the message’s expiration date arrives. That’s not so great for receiving info pertaining to clients.
You may be thinking that this is no prob at all — you’ll just save any attachments and print/copy-and-paste emails over to a client’s record when you need to. Well, Gmail will work hard to prevent you from being able to copy-and-paste, forward, or print messages sent in confidential mode. You can work around that with screen captures, but then you have to make sure you properly handle the screen capture files — e.g. you put them in the right place, you keep your devices hardened, and you perform any other measures specific to your particular situation. If that all works for you, that could be fine just so long as you never forget to do it. For some of us, that’s not a problem. For others, there’s a significant risk there.
Before excitedly enabling confidential mode for Gmail in your GSuite account, we strongly advise that you evaluate its appropriateness for your practice and set an official policy for when and how to use (and not use) it.
GSuite Gmail confidential mode is pretty great for certain uses, e.g. sending superbills and the like. It’s not a drop-in replacement for any and all secure messaging services you might use, though. Its utility will depend greatly on what you use secure messaging to do. Regardless, it will be quite nice to have!