Why Medical Clinics in Canada Should Avoid Free Email Accounts (And What to Use Instead)

Words by
Lorraine Wong
Written on
February 22, 2023
Last updated on
August 14, 2023

Are you using a free email service to manage your medical clinic?

In the past year, we’ve connected with many business owners running medical clinics - like dental clinics and optometrists - across Canada through the Canada Digital Adoption Program (CDAP).

One thing we see often, unfortunately, is that a business owner will reach out to us through a free Gmail account.

This is surprising for us. That's because, as a medical clinic operating in Canada, it is critically important that businesses use secure and reliable email accounts to communicate with patients, staff, and other stakeholders.

Unfortunately, free email accounts like Gmail, Yahoo, and Hotmail is not be the best choice for running your business, especially when it comes to sensitive information like medical records and personal information.

In this blog post, we will discuss why Canadian businesses providing health services should avoid using free email accounts and suggest some alternative solutions.

Jump to section
Jump to section

Why Shouldn't Canadian Businesses Use Free Email Accounts?

1. Compliance

In Canada, businesses that handle personal health information must adhere to the Personal Information Protection and Electronic Documents Act (PIPEDA). This Act requires businesses to properly secure and protect the personal information of their customers and employees, including any emails that are exchanged.

It is important to note that using a free email account may not meet the security standards of PIPEDA and could potentially lead to a breach of data or other security issues. Therefore, businesses should take the necessary precautions to ensure that they meet the security requirements of PIPEDA, such as using a secure email provider or server that offers encryption and authentication of emails.

Additionally, businesses should have a written policy in place that outlines the security measures they have taken to protect their customer and employee data.

2. Security

Free email accounts are unfortunately more prone to malicious hacking and phishing attacks, which can have serious implications for patient data privacy and confidentiality.

In Canada, businesses are mandated to uphold the security and protection of patient data, and using a free email account can present a serious breach of privacy regulations. Such a violation of data privacy laws can result in serious legal repercussions for the business, including heavy fines and possible criminal charges.

3. Privacy

As experts say, “if you don’t pay for the product, you are the product.”

Email service that’s “free” has a cost. For example, data from Google’s free gmail account is being shared and tracked so that it can be sold to advertisers. That’s how Google makes money. As recently as 2017, Google analyzed the content of users’ emails to personalize ads. While the company has stopped this practice, it still shares metadata with advertisers and scans emails to facilitate “smart features” like offering autocomplete suggestions or adding flight or hotel reservation details directly to your calendar.

To ensure that patient data remains secure and private, organizations should consider investing in a secure, professional-level email service that offers the highest levels of safety and protection.

4. Professionalism

Using a free email account for your clinic can often have a detrimental effect on your professional image. Many people associate free email accounts with spam, because so many spammers use them.

Having a custom domain for your email is a much better option, as it looks far more professional and promotes your brand. It adds a level of trust and credibility that is hard to achieve with a free email account.

Additionally, it will make it easier for potential customers to remember and contact you, as they won't need to search through endless free email providers to find your address. With a custom domain, you'll be able to stand out from the crowd and give your clinic the professional image that you want patients to have of your business.

Alternatives to Free Email Accounts

1. Secure Email Hosting

For those looking for an alternative to the typical free email accounts, a secure email hosting provider is the way to go. These providers offer encrypted communication, advanced spam filtering, and a greater amount of storage space than the typical free accounts.

Additionally, they are known to provide reliable uptime and a higher level of security that is often not found with the free providers. For those who need a secure email hosting solution, these options are a great choice.


  1. ProtonMail: ProtonMail is a free and open-source email hosting service that offers end-to-end encryption, zero-access encryption, and other advanced security features. It's a popular choice for those who prioritize privacy and security.
  2. FastMail: FastMail is a paid email hosting service that offers custom domain email accounts, secure email communication, and advanced security features like two-factor authentication and data backup. It's a popular choice for businesses that prioritize reliability and ease of use.
  3. Gmail for Business: Google Workspace (formerly G Suite) is a professional email hosting service that offers custom domain email accounts, spam filtering, and advanced security features. Google Workspace is compliant with Canadian privacy laws, and it can be a good option for Canadian businesses that use Gmail.
  4. Microsoft Exchange Online: Microsoft Exchange Online is a cloud-based email hosting service that offers secure and reliable email communication, advanced security features, and integration with other Microsoft Office apps.

2. Encryption Service

Encryption services provide a secure way to protect emails and their attachments from unauthorized access. They use encryption algorithms to scramble the content of an email so that it can only be read by the intended recipient who has the decryption key.

Encryption services can help protect sensitive information sent and received by medical clinics in several ways:

  • Secure transmission: Encryption services use strong encryption algorithms to secure email transmissions. This means that the contents of the email and any attachments are scrambled and can only be read by the intended recipient who has the decryption key.
  • Access control: Encryption services allow you to set permissions for who can access your emails and attachments. This can help ensure that only authorized personnel can view the sensitive information contained in the email.
  • Revocation: Encryption services allow you to revoke access to an email even after it has been sent. This can help mitigate the damage if an email containing sensitive information is sent to the wrong person or is accessed by an unauthorized recipient.
  • Compliance: Many encryption services, including Virtru, are HIPAA compliant. This means that they meet the standards set forth by the Health Insurance Portability and Accountability Act, which requires healthcare providers to safeguard patient health information.

By using encryption services like Virtru, medical clinics can protect sensitive patient information from unauthorized access, ensure compliance with industry regulations, and safeguard against potential data breaches.


  1. Virtru - Data encryption for email and file sharing
  2. Paubox - Seamless encrypted email with robust inbox protection. No portals or passcodes.
  3. Prevail - Send and receive encrypted emails using your existing email address from Outlook, Gmail, and Apple Mail. Also works on mobile devices and browsers.

3. Electronic Health Record (EHR) Software

Some EHR software providers offer built-in email functionality, allowing you to communicate with your patients and staff securely. These email accounts are designed to meet the privacy and security standards of PIPEDA.

You can also utilize the various options that your software offer for communicating with patients, including a secure patient portal.

As one of our optometry clients said, the majority of the phone calls and emails they receive relate to the patient’s prescription or appointments. That’s why the clinic is directing patients to the patient portal offered by Optosys, their practice management software.


In conclusion, using free email accounts for Canadian businesses, particularly dental and optometric clinics, may not be the best choice. These accounts may not meet the privacy and security requirements of Canadian privacy laws and lack the reliability and branding that a professional business requires.

By choosing an alternative like secure email hosting, EHR software, or encryption services, you can ensure that your clinic's email communication is secure, reliable, and professional while meeting the requirements of Canadian privacy laws.

Lorraine Wong
Lorraine Wong
Founder @ Cue North

Helping leaders build great organizations through processes and powerful digital experiences