[jessaustin]

Maybe you've been subjected to more complete DLP systems than I have, but email "within the organization" is not and never will be "secure".

Every time I've seen customer demographic data emailed (although admittedly this hasn't been in the medical field), both the sender and the receiver have been employees (including myself) who weren't entitled to see that data. Organizations need to find more appropriate ways to collaborate, which don't needlessly expand the pool of people with access to sensitive data.

You seem to trust a pool of 100 people, even if they have acronyms following their names, more than you trust a search engine, to not share data in legally negligent ways. That seems ill-advised to me. If the Googlebot were generating lawsuits for breach of privacy we would have heard about them.

I don't think this sensitive customer data should be in Gmail, because I don't think it should be in any email system period.