To play devil's advocate without the stick of Medicare funding being at stake, doctor's offices and hospitals will defer EHR upgrades until the heat death of the universe. HIPAA was passed in the 90s with a safe harbor for faxing and that's still the standard method to transfer a medical record.
I admit I don't know HIPAA very well, but could it be that the requirements for fixing are straightforward, or significantly more so than for other methods? If I'm the lawyer with a role in HIPAA compliance, I want the staff using a no-liability compliance appliance, not screwing up with email attachments in the clear or botching veracrypt containers or anything like that. Simple training: medical records go back on the shelf, in the shredder, or in the fax machine.
