From John C. Dvorak, PCMag.com: Good Advice
This should be taught in school. After you write an email, read it and ask yourself: “Do you want the whole world to read this document?” Then ask “How damaging would it be if they did?” It’s the answer to the second question that is important.
There is a lot more to this article especially regarding whether or not the government should have the license to inspect your supposedly secret or secure data. The conclusion seems to be that in an age of terrorism and rampant cyber crime you can not expect your e-mails and other data to be secure.
It is the fact that e-mail is not private and is not secure that makes it a problem with HIPAA.