I was wondering what most people are using to handle HIPAA e-mail compliance for very small businesses such as doctors, chiropractors, dentists, etc. Office 365 + Sharefile and its Outlook plugin look promising. However, is it enough to just have employees send information through Sharefile's system instead of emailing attachments? It seems like if a hacker intercepted an email message that had the Sharefile link, he could just as easily download the attachment, which is not much more secure than emailing the attachment.
Is a password-protected link or file required for HIPAA compliance? If so, how do you send the receiving party the password, over the phone?