Healthcare Information Security

Patient Privacy News

Google requires encrypted HTTPS connections for email

By Nicole Freeman

- Google has announced that, beginning today, all messages sent and received within Gmail accounts will use an encrypted Hypertext Transfer Protocol Secure (HTTPS) connection, regardless of device or connection source, according to a message on the company’s official blog. While HTTPS has been Google’s default connection type since 2010, it is now the only option. HTTPS varies from HTTP (Hypertext Transfer Protocol), the basic protocol for web-transferred data, by providing encryption through a secure sockets layer (SSL), protecting information as it shared via the internet.

The encrypted connections will affect every message moving internally in Google’s servers and data centers, ensuring “that no one can listen in on your messages… no matter if you’re using public Wi-Fi or logging in from your computer, phone or tablet. “

Google has made huge progress in its healthcare industry-specific practices over the last six months, adding HIPAA-compliant business associate agreements (BAA) to its service offerings for three of its applications in September, requiring HIPAA-covered entities sign BAAs for Google Helpouts use, and expanding those agreements to include cloud services.

Google began offering HTTPS as a default email connection choice in 2008, noting that most other “free webmail services don’t support https.” Prior to adding the option, only log in pages were secured through HTTPS. Gmail’s encryption is only active as messages travel from point A to point B, and the information is decrypted upon arrival, but secure message transfer can decrease the risk of unauthorized access to sensitive information, and the risk can be further reduced when the devices themselves are secure.


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks