GP surgery using a standard Gmail account

I.am.Putins.raging.bile.duct · 12-07-2024 11:36AM #1

I had to email my GP to request a callback and I noticed they don't use a private email domain just a standard Gmail.

My GPs secretary emailed me back saying my doctor was on annual leave and would call me back when he returned. I didn't share or ask for any private data and perhaps they never do through emails but still I think its a bit lax using a standard Gmail account.

Im wondering if that's poor security considering the amount of cyber attacks we've had in Ireland in our health services.

Maybe have a look at your GPs email address please and see if this is common.

Thanks

Miaireland · 12-07-2024 11:51AM

GPs have a system called Healthmail that they use to send secure emails with private data and results to other healthcare professionals.

Normally gmail type emails are normally used to request callbacks etc.

I.am.Putins.raging.bile.duct · 12-07-2024 11:56AM

https://www.boards.ie/discussion/comment/122371073#Comment_122371073

Ah i see thanks

Charles Babbage · 12-07-2024 11:59AM

https://www.boards.ie/discussion/comment/122371098#Comment_122371098

But a yahoo address would not imply any level of security! Gmail is probably better.

z80CPU · 12-07-2024 12:34PM

https://www.boards.ie/discussion/comment/122371110#Comment_122371110

Splitting hairs but yes

ItHurtsWhenIP · 12-07-2024 02:00PM

You could have a doc with their own domain and that might look professional and make you think it is more secure, but their email could be set up on some mickey mouse mail server run by their hosting or IT service provider. That could be waaaay worse than a Gmail account. 🤨

TheDriver · 12-07-2024 02:04PM

Many places including schools use google packages to handle their domain so a private domain could be handled by google (or equally Microsoft)

GSBellew · 12-07-2024 02:11PM

https://www.boards.ie/discussion/comment/122371669#Comment_122371669

This above, you could be emailing somebody@anydomain.ie and still be emailing a gmail account.

L1011 · 12-07-2024 02:13PM

https://www.boards.ie/discussion/comment/122371073#Comment_122371073

Which is a Microsoft 365 tenant with heavily restricted (I would say "no", but it has MX records, so can presumably take some inbound; maybe from very specific domains) inbound or outbound transport rules.

I would still worry that occasional mails are sent with patient info outside of it. Main one is sending stuff to the patient in question; the patient obviously doesn't mind getting it but the data remains on their other email systems servers afterwards.

Charles Babbage · 12-07-2024 03:26PM

https://www.boards.ie/discussion/comment/122371726#Comment_122371726

My GP makes zero use of email for anything. They will print out stuff on a page, but do not send it electronically, nor do they bother copying emails for things like seeking appointments with specialist facilities to me.

There is a security issue, but there is also a need for the general sharing of information with patients and a secure way of doing that.

L1011 · 12-07-2024 03:59PM

https://www.boards.ie/discussion/comment/122372174#Comment_122372174

If they send your prescription to the pharmacy, they're using Healthmail. I don't know any GPs that didn't start doing this during the pandemic although for some it was a massive culture shock.

Charles Babbage · 12-07-2024 04:53PM

https://www.boards.ie/discussion/comment/122372333#Comment_122372333

My point was that they do not email me, not that they do not use healthmail. But even in the case of prescriptions it would be reasonable to generate a standard document to inform the patient that a prescription had been sent to the pharmacist and copy that to the patient. Then the patient would have a clear record of the dates of the prescription etc.

spaceHopper · 16-07-2024 09:59AM

Google have a far bigger security budget and know more about it than your GP. If they have 2FA an a strong password then I'd be more than happy for them to use it. Also there is noting stopping them setting up Thunderbird or Outlook as mail client so they only need their PC log in to get and check mail. In any office I'd be surprised if they don't have that setup.

The Black Oil · 16-07-2024 12:27PM

I used to look at the ICGP's website for work, the 'find a GP' tool. Most didn't list an email address and few had one like info@gppractice.ie

I see some here have Eircom accounts.

https://www2.hse.ie/services/find-a-gp/

tohaltuwi · 16-07-2024 12:40PM

my GP practice uses Gmail when corresponding to patients re appointments, but Healthmail for medical data communication to other doctors etc

I am always getting offers from various entities for my own email domain, doesn’t always mean it’s secure.

AndrewJRenko · 28-01-2025 05:07PM

https://www.boards.ie/discussion/comment/122387083#Comment_122387083

There would be some medical information in that kind of correspondence with patients, including repeat prescription requests.

https://www.boards.ie/discussion/comment/122386511#Comment_122386511

Google also know more about how to harvest and exploit information available to them to maximise their advertising income. Do you want to be targeted for adverts based on medical information in your emails?

spaceHopper · 30-01-2025 11:28AM

https://www.boards.ie/discussion/comment/123109348#Comment_123109348

That's a fair point, you can change you settings to avoid it and chances are if I've medical condition I've already googled it.

All of these are companies that have lost my data.

Yahoo, hacked for years, LinkedIn leaked data, Paddy Power hacked, Western Digital hacked, Twitter leaked data, Car parts web site hacked, Fastway didn't set a password on an online database……….

So I'd have to go with the lesser of two evils, use gmail and google have my info or use home baked server and everybody has my info.

AndrewJRenko · 30-01-2025 02:18PM

https://www.boards.ie/discussion/comment/123115515#Comment_123115515

It's your own choice of course, but I wouldn't trust them (Google) as far as I can throw them. This case is from the US, but is being driven by an Irishman, Johnny Ryan.
https://www.independent.ie/business/technology/irish-council-for-civil-liberties-lodges-national-security-complaint-against-google-in-us/a1985260657.html

You make a fair point as to whether an 'average' email service hosted by an average web hosting company is more secure. I wonder are there specialist providers to GPs and other medical providers perhaps?

spaceHopper · 31-01-2025 04:40PM

https://www.boards.ie/discussion/comment/123116279#Comment_123116279

When your GP sends a prescription the a pharmacy for you they use "medmail" so there is something. How well it's secured, who knows. It could be run by the godchild of somebody in the HSE for all we know.

L1011 · 31-01-2025 04:43PM

https://www.boards.ie/discussion/comment/123120745#Comment_123120745

Healthmail, it's an Office 365 tenant with, presumably, extremely strict transport rules on what traffic can go in or out.

It's managed by the HSE.

GP surgery using a standard Gmail account

Comments