Say goodbye to free Gmail and become HIPAA compliant


If you are freaking out because you have been using a free Gmail account to communicate with your clients, this is the post for you. You may have thousands of emails, every single one of which contains Protected Health Information (PHI).

You may think your only option is the nuclear one, where you delete all of your emails, and that certainly would do the trick. But what if you want to preserve the contents of those emails? You’re going to need to get that PHI out of the free account and into a secure account, and I’m going to give you a workflow to make that happen in a systematized, efficient, and thorough way.

First, you will need to create an email address through a provider that will sign a Business Associate Agreement (BAA) with you, which means that they will promise to protect PHI with a high level of security. G Suite, Office 365, and Hushmail are all providers that will give you an email address on your own domain (like I have) and then provide you with a BAA so that you can use their services to store and transmit PHI. You will need to pay for these services; there are no free email options that will give you a BAA.

Next, you will need to migrate your emails out of that free Gmail account. This workflow will save you a lot of time, and also give you a sample of how I write the workflows you’ll find in my book.

I wish I could tell you that it’s possible to automate the part where you move the emails from one account to another, but I was unable to find any solutions that didn’t involve either third-party plugins (that shouldn’t get access to PHI) or doing some complicated programming (in which case you are a computer expert and don’t need this blog post).

Step-by-Step Workflow (Gmail Migration)

Link your new account to your free account

  1. If you are using the Inbox view for Gmail, click the three-line action menu in the upper left corner to bring up the left hand navigation menu. Choose Gmail.

  2. Generate a list of the names of all your clients to date.

  3. Log in to your Gmail account in your browser (not via an app).

  4. Click the gear icon in the upper right corner, and choose Settings.

  5. Click the tab that says Forwarding and POP/IMAP.

  6. Click Add forwarding address and enter your new email address, then click Next, then click Proceed in the small window that pops up.

  7. Log in to your new email account and follow the instructions in the email to link your accounts, then return to your free Gmail account.

Get the old emails out

  1. Take the first name on your list. Type the client’s name into the search box to bring up all of the emails associated with that client.

  2. Scroll through these emails and decide between two options:

    1. Chart it. Make a note in your client’s file summarizing the date(s) the email conversation took place, and pertinent information about the question asked and the response given.

    2. Forward it. Manually forward the email to your new email address.

  3. Click the small arrow next to the client’s name and choose Edit client details.

  4. Click the three-dot action menu in the contact dialog box, then click Delete to remove the client from your Contacts in your free Gmail account.

Filter and forward future client emails

  1. Run a search for your client’s name.

  2. Click More in the navigation just above the client’s name, then choose Create Filter to bring up a dialog box.

  3. The dialog box will be pre-populated with the client’s email address. Leave everything else blank and click Create filter with this search.

  4. In the next dialog box, check the box that says Forward it to and select your new email address in the dropdown. Check the box next to Delete.

  5. Click Create Filter.

  6. Now if your client sends an email to your old free address, you will receive it at your new HIPAA-compliant email address, and all the emails you scrubbed through in the previous section will be automatically deleted.

Sort the forwarded emails in your new account
  1. In your new mail address, run a search for the client’s name to bring up the forwarded emails.

  2. Use the check box directly above the client’s name to select All to check the boxes next to all of the emails.

  3. Click the Archive button to remove those emails from your inbox.

  4. Make a note in your client’s chart that you have filtered and sorted the emails for this client.

This whole process will take you 10-20 minutes per client, so it may not be realistic to expect that you can do all of this in one day, but if you are diligent, you truly can do this. You know how you have clients who triple feed for weeks? If they can pump 8x/day while they are getting their babies back to the breast, you can face the tedious prospect of manually moving old emails. I believe in you!
