As a rule unencrypted e-mail is not secure and it is theoretically possible for a hacker to intercept health information sent via e-mail. However, according to the ADA, it is acceptable to send health information using e-mail if the patient is informed of the risks and consents. Be sure to document both the risk information and the consent.
UPDATE: Thanks to a couple of alert readers and IT specialists Dan Edwards and Amy Wood for pointing out this exception is only for doctor to patient communications. Dentists sending PHI (Protected Health Information) to other doctors should always use encryption of some sort.