Greetings: Do any of you have to handle HIPAA compliance and if so, any suggestions? We are running an Exchange 2003 server and have an organization who needs HIPAA compliance, because the emails contain confidential personal information. While we can control (to some extent) the Outlook settings for organization employees, the end users (individuals at the the other end of the email) are general public "consumers" so you cannot dictate what email client they use or make them change their Outlook settings just for us or make them install email SSL certificates or anything like that. JW