G Suite includes privacy and security protections aimed at securing data. Google signs a BAA with HIPAA covered entities. However, G Suite has hidden dangers that may lead to a violation of HIPAA rules.
Emails sent from Google Calendar are not encrypted
Calendar is a core service of G Suite and covered by Google’s BAA. The problem is, email encryption is not a standard feature of G Suite. That is, although Google supports encrypted messages within its servers, email sent to other systems are not encrypted.
Google does not even offer a native end-to-end email encryption solution; one has to purchase such services from a third party and integrate it with your Google account.
So, even though Calendar and other core services – including Gmail, Drive, Hangouts and Google Cloud Search – are covered by the company’s BAA, the emails that Gmail automatically schedules and sends via Calendar are not encrypted.
Read the rest of this post »