And it also doesn't really apply here... If YOU the individual (who owns your own medical records) agree that the transmission method is safe then HIPAA doesn't apply. HIPAA applies when the OTHER party sends it:
This is called "Individual Right of Access". If you ask a doctor to email your records to your personal Gmail, the doctor must comply. However, they are required to briefly warn you that email is unencrypted and insecure. Once you say, "I understand the risk, send it anyway," the doctor is no longer liable for any breach that happens during transmission.
The patient (the article's author) is a covered entity. Patient data does not pass thru email, period. Even if the patient wants to send email and says, "Just blame me, I don't care!" The answer is a flat no, and nobody is going to risk getting in trouble for that.
This is called "Individual Right of Access". If you ask a doctor to email your records to your personal Gmail, the doctor must comply. However, they are required to briefly warn you that email is unencrypted and insecure. Once you say, "I understand the risk, send it anyway," the doctor is no longer liable for any breach that happens during transmission.