Compliant with what part of HIPAA? Access controls? Password complexity? Protecting data in transit, data at rest? I would think that encrypting and password-protecting emails would be a part of your HIPAA compliance but it’s so much deeper than that. You may also consider the HIPAA book I co-authored as well.
Also check out these HIPAA articles I wrote for TechTarget.
Bottom line: it all comes down to risk and which of the elements are required or addressable in your situation.
Best of luck!