HIPAA's Security Rule advises that electronic protected health information (ePHI) that is transmitted over an electronic communications network should be protected against unauthorized access. The way to do this is to encrypt the communication.
This requirement is also part of SSCHC's HIPAA Security Policies.
Encryption is the conversion of data into a form that cannot be read without the decryption key or a password.
This allows you to send private information, such as ePHI, by email and ensure that the information can only be viewed by the individual who it is meant for.