EMR Data Security #3: EMAIL – The Dangers of Gmail and Other Email Technology

This is another situation we deal with far too often.  We are all so used to using email to communicate that we use it without really understanding the underlying technology.  Because we work with doctors and clinics during the extraction and conversion process and validate their data, there are times when we need a copy of the original medical record to compare against what we have extracted.  In one case last year, a doctor simply exported the record and emailed it to us as free text.  It contained the patient demographics and the full medical record.  This in itself violates Canadian law, as the doctor breached patient privacy by sending the record across the internet without any encryption.  However, it was made even worse by using Gmail.  Gmail parses every email and stores it on its servers, which are all based in the USA.  So, not only was the record sent without encryption, it was now stored outside of Canada.  The doctor was horrified when we explained what he had done, but the damage had been done.

First of all, no medical record information should be sent via email without strong encryption.  See a post below for product recommendations.  Second, no medical office in Canada should use the free email services from Google (Gmail), AOL, Microsoft (Hotmail), etc. for their business.  These providers all host their email systems outside of Canada and will only complicate any breach that may occur.

However, it is not just email systems that may cause you issues.  There are other ‘personal’ technologies that people use without understanding the consequences that they may bring.   Take for example various Cloud services that synchronize data between your computer and your phone and other devices (iCloud from Apple for example).  These services are usually hosted outside of Canada.  This means that even if you have taken care to use a Canadian hosted email address, by syncing with your phone or tablet, second computer, etc., you may be storing email data outside of Canada and therefore violating Canadian laws without realizing it.


1. Do not use foreign email hosts for your office work.  Examples would be Gmail, Hotmail, Yahoo Mail, etc.

2. Be careful of what technologies you use, as there may be unintended consequences.

3. Always encrypt anything regarding patients that you must send via email.
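The three rules above can be enforced at the clinic's outbound mail gateway rather than left to each sender's memory.  The following is an added example, not code from the original post: it parses an outbound message with Python's standard library, flags any recipient at one of the foreign free-mail hosts the post names, and flags any message that is not an OpenPGP/MIME encrypted container (RFC 3156), which is one common way "encrypt anything you send" shows up on the wire.  The provider list, the domain names and both sample messages are constructed for illustration; the list is deliberately short and a real deployment would maintain its own, and confirming that a given host is actually Canadian-hosted would need a DNS/MX lookup this offline example does not perform.

```python
"""Outbound e-mail policy check for a clinic mail gateway (added example).

Flags two of the problems described in the post:
  * a recipient at a foreign free-mail provider (Gmail, Hotmail, Yahoo, AOL);
  * a message whose body is plaintext rather than an OpenPGP/MIME
    encrypted container (RFC 3156).
"""
from __future__ import annotations

from email import message_from_string
from email.message import Message
from email.utils import getaddresses

# Free webmail hosts named in the post; their servers sit outside Canada.
# Constructed, illustrative list: extend it from your own policy.
FOREIGN_FREEMAIL_DOMAINS = {
    "gmail.com", "googlemail.com",
    "hotmail.com", "outlook.com", "live.com",
    "yahoo.com",
    "aol.com",
}


def recipient_domains(msg: Message) -> list[str]:
    """Return the lowercase domain part of every To/Cc/Bcc address."""
    headers = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Bcc", [])
    return [addr.rsplit("@", 1)[1].lower()
            for _, addr in getaddresses(headers) if "@" in addr]


def is_encrypted(msg: Message) -> bool:
    """True if the message is an OpenPGP/MIME encrypted container.

    RFC 3156 requires Content-Type multipart/encrypted with
    protocol="application/pgp-encrypted"; anything else is treated as
    plaintext, which is the safe default for a gateway check.
    """
    protocol = str(msg.get_param("protocol", "") or "").lower()
    return (msg.get_content_type() == "multipart/encrypted"
            and protocol == "application/pgp-encrypted")


def check_outbound(raw: str) -> list[str]:
    """Return a list of policy findings for one raw RFC 822 message.

    An empty list means the message passes both checks.
    """
    msg = message_from_string(raw)
    findings = []
    for domain in recipient_domains(msg):
        if domain in FOREIGN_FREEMAIL_DOMAINS:
            findings.append(f"recipient at foreign free-mail host: {domain}")
    if not is_encrypted(msg):
        findings.append("message body is not an encrypted container")
    return findings


# Constructed sample 1: the incident from the post, a free-text record
# sent in the clear to a Gmail address.  Names are placeholders.
PLAINTEXT_SAMPLE = """\
From: dr@clinic.example
To: Conversion Team <conversion.team@gmail.com>
Subject: exported record
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

Patient: SAMPLE PATIENT (placeholder)
DOB: 1970-01-01
Visit notes: ... (constructed sample, not real data)
"""

# Constructed sample 2: the same record sent as an OpenPGP/MIME container
# to the vendor's own domain.  The ciphertext is a placeholder.
ENCRYPTED_SAMPLE = """\
From: dr@clinic.example
To: conversion@vendor.example
Subject: exported record
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="XX"

--XX
Content-Type: application/pgp-encrypted

Version: 1

--XX
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
(ciphertext placeholder, constructed)
-----END PGP MESSAGE-----

--XX--
"""

if __name__ == "__main__":
    for label, sample in (("plaintext", PLAINTEXT_SAMPLE), ("encrypted", ENCRYPTED_SAMPLE)):
        print(label, check_outbound(sample) or ["ok"])
```

The plaintext sample produces two findings (foreign host and unencrypted body); the encrypted sample produces none.  A gateway would typically quarantine on either finding and return the message to the sender with the reason, which is far cheaper than explaining a breach after the fact.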

