
What should they use instead? Email isn't secure enough. Email got no forced TLS/GPG upgrade (compared to the web's HTTPS).


Create a protocol or API spec on top of HTTPS or something else and use it. I don't know where you are at, but surely the government can just say "hey guys, support this secure protocol before 2022 or you're out".

I can log on and read any of my medical records at any time and the information is aggregated from multiple sources. What's the issue?

If you use fax you won't even be able to see some kind of central audit log for your data. That's pretty crazy.


> Create a protocol or API spec on top of HTTPS or something else and use it.

This is basically what they've done with EDI/X12 over AS2, which was also mandated by HIPAA. The problem is that EDI is a pain to work with as a data format and hooking up to other trading partners can take weeks of coordination between IT teams (sending "implementation guidelines" back and forth). When EDI is the alternative it's not hard to see how the fax machine survives.


Email is roughly as secure as you care to make it. Better than stupid phone lines at least.


Much easier to hack, say, the DCI's mail account than, say, tap his phone line, eh :-)


It's a big and still-unsolved problem, but it's more than just TLS - need a proper set of APIs and platforms. We happen to be working on this, but it's not done yet... :-)


Care to say who "we" are? This sounds very interesting!



