Compliant with what part of HIPAA? Access controls? Password complexity? Protecting data in transit, data at rest? I would think that encrypting and password-protecting emails would be a part of your HIPAA compliance but it’s so much deeper than that. I recommend you go through the <a href=”http://www.cms.hhs.gov/securitystandard/downloads/securityfinalrule.pdf”>HIPAA security rule</a> section by section to see how it applies to your business. You may also consider the <a href=”https://www.amazon.com/dp/0849319536?tag=princilogicll-20&camp=14573&creative=327641&linkCode=as1&creativeASIN=0849319536&adid=15N5GSANWBY2BV1WQQF6&”>HIPAA book</a> I co-authored as well.
Also check out these <a href=”http://www.principlelogic.com/compliance.html”>HIPAA articles</a> I wrote for TechTarget.
Bottom line: it all comes down to risk and which of the elements are required or addressable in your situation.
Best of luck!