[xk3]

And it also doesn't really apply here... If YOU the individual (who owns your own medical records) agree that the transmission method is safe then HIPAA doesn't apply. HIPAA applies when the OTHER party sends it:

This is called "Individual Right of Access". If you ask a doctor to email your records to your personal Gmail, the doctor must comply. However, they are required to briefly warn you that email is unencrypted and insecure. Once you say, "I understand the risk, send it anyway," the doctor is no longer liable for any breach that happens during transmission.