First off, there is no single solution that can be purchased to make someone compliant. Your statement is absolutely untrue and if you really believe that, you are one of the people I was speaking of in the interview. It seems clear that your statement is more like an ad for the/your mail service you are pitching here. HIPAA compliance requires that standards be met on physical, technical and administrative standards that touch EVERY aspect of a business, the covered entities and their business associates. HIPAA Privacy and Security Rules combined require the implementation of “processes and procedures” (not simple email solutions) that deal with the security, integrity and availability of PHI. While it is true that smaller firms have a much easier time, because their practices are less complex, your misleading them into believing that some out-of-the-box solution somehow deals with all of the standards is blatantly irresponsible. Yes, secure email is one requirement, but I think you should just buy ad space instead of spouting off about a subject that you don’t understand in forums like this.

My doctor uses TrulyMail (TrulyMail.com) both because it is encrypted but even more because it is very easy (and free) for his patients to use. Small private clinics do not need to spend thousands or even hundreds of dollars to be legal, they just need to know their options.