HIPAA compliance is a very complicated thing. Sending PHI over a non-encrypted channel would probably be acceptable in response to a patient request - while sending PHI over a heavily encrypted channel in an unsolicited manner would likely be a violation.
HIPAA is complicated and a lot of the things it is concerned with are far less technical than they may appear on the tin.
Also, IANAL - nothing in this post should be considered sound advice for any reason in any context.
HIPAA is complicated and a lot of the things it is concerned with are far less technical than they may appear on the tin.
Also, IANAL - nothing in this post should be considered sound advice for any reason in any context.