By now it shouldn’t be news to you that Gmail and other low-cost or no-cost email providers are scanning your emails. If you weren’t aware, you can start catching up here: Google Explains Exactly How It Reads All Your Email
So, if providers are “reading” your email, what does that mean to you, and to your clients?
If you are an attorney, you cannot continue using one of these services once you know about their marketing tactics. Attorney-client confidentiality is fundamentally breached if someone, or something in this case, is opening and analyzing all of your confidential emails word for word, even attachment by attachment.
Likewise, if you are a clinician, HIPAA’s rules require that you restrict access and guard against unauthorized access to electronic Protected Health Information (ePHI). In some cases, by clicking through the provider’s Terms & Conditions (you know, the ones no one ever reads!), you may be explicitly giving the service provider authority to access your email.
A ‘Simple’ Approach
Email is transmitted using the Simple Mail Transfer Protocol (SMTP). Unless additional security and privacy techniques are applied, this method sends the email in readable form (similar to the way you see it on your computer screen) over computer switches and routers from Internet providers, until it is eventually received by an email server, where it is stored until you read it and, in some cases, long thereafter. How well these devices are protected, where they reside (e.g., domestically or abroad) and what devices you use to access them all contribute to the security of your email content.
That is why, especially in sensitive industries, the use of secure file sharing tools and email encryption software is now required due diligence. Beyond tools and techniques, entities covered by HIPAA must also select an email provider willing to sign Business Associate Agreements (BAAs). Not so simple anymore.
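To see which legs of a message's journey were sent in readable form, you can read the Received headers each server stamps on it. The sketch below is an added example, not part of the original article: the sample message, host names and function names are constructed for illustration, and it relies on servers recording the standard RFC 3848 protocol keywords (for example ESMTPS for SMTP over TLS) in the "with" clause.

```python
import re
from email import message_from_string

# Constructed sample message (hosts, addresses and IDs are made up).
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.9])
\tby store.recipient.example with ESMTPS id c3; Mon, 1 Jan 2024 10:00:03 +0000
Received: from relay.isp.example (relay.isp.example [198.51.100.7])
\tby mx.recipient.example with ESMTP id b2; Mon, 1 Jan 2024 10:00:02 +0000
Received: from laptop.sender.example (laptop.sender.example [192.0.2.5])
\tby relay.isp.example with ESMTPSA id a1; Mon, 1 Jan 2024 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: test

body
"""

# RFC 3848 "with" keywords: a trailing S means the hop used TLS,
# a trailing A means the sender authenticated (ESMTP, ESMTPS, ESMTPSA, ...).
WITH_RE = re.compile(r"\bwith\s+((?:UTF8)?(?:E?SMTP|LMTP)(S?)(A?))\b", re.I)
FROM_RE = re.compile(r"^from\s+(\S+)", re.I)
BY_RE = re.compile(r"\bby\s+(\S+)", re.I)

def audit_hops(raw_message):
    """Return hops in travel order as (from_host, by_host, protocol, tls)."""
    msg = message_from_string(raw_message)
    hops = []
    # Each server prepends its header, so reverse to get travel order.
    for header in reversed(msg.get_all("Received", [])):
        text = " ".join(header.split())  # undo header folding
        w, f, b = WITH_RE.search(text), FROM_RE.search(text), BY_RE.search(text)
        proto = w.group(1).upper() if w else "UNKNOWN"
        tls = bool(w and w.group(2))  # unknown protocol counts as no TLS marker
        hops.append((f.group(1) if f else "?", b.group(1) if b else "?", proto, tls))
    return hops

def hops_without_tls(raw_message):
    """Hops whose Received header carries no TLS marker."""
    return [hop for hop in audit_hops(raw_message) if not hop[3]]

if __name__ == "__main__":
    for src, dst, proto, tls in audit_hops(SAMPLE):
        print(f"{src} -> {dst}: {proto} ({'TLS' if tls else 'no TLS marker'})")
```

A TLS marker on every hop only covers the message in transit; each server along the way still stores and can read it, which is the gap that email encryption closes. Received headers are written by the servers themselves, so treat those added before the message reached your own provider as unverified.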
Beyond Reputation Damage
For some industries, the cost of failing to properly protect sensitive data may be hard to quantify since it will be measured in terms of lost client trust and brand reputation damage. This can be influenced by many factors including how the breach occurred and how the organization handled the matter.
For others, like healthcare providers, there are clear and measurable penalties for data breaches, depending on the amount of negligence involved. See: HIPAA Case Examples & Resolution Agreements
Across all industries there continue to be investments in technology to enhance productivity and our overall work lives. As we do so, we have a responsibility to our vendors, customers and business partners to handle their information with as much respect and trust as possible. Some tools do a better job than others of not only doing the job but doing it securely. Ultimately, knowledge and initiative are required to implement the appropriate solution.
If this news interests you, then it’s probably worth investigating what Site2 has to offer.