You can't comply with HIPAA using regular email
Edward Doyle, Editor of Today's Hospitalist (article not yet available online), advises physicians not to use regular email to communicate with patients. He notes that:
[F]ederal law contains very specific --and surprising-- provisions regarding physicians' responsibility for email... Because HIPAA uses 18 categories to spell out exactly what constitutes protected health information,... the law protects just about any information that would be of interest to outside parties. That includes not only names and dates,... but [even] references to a patient's location that are more specific than state.
He recommends two secure messaging platforms: RelayHealth for group practices and ZixMail for individual physicians.