HIPAA 2013 final rule allows use of unencrypted email for client communication. Posted on March 17, 2016 by jgordon Link. Lots of questions about retention of email, whether can use gmail/cloud, etc. See also: http://bit.ly/1R0hfwo