Hey Al, Thanks very much for the detailed reply! I'm thinking that there will be 3-6 larger clients of ours that will want a solution and may be skilled enough to implement TLS. I definitely don't want this to require a solution on the desktop of the individual user. As you stated too much chance of a mistake or an omission of the required process. Server based solutions are what I want however the ones that do policy enforcement, etc. cost several thousand dollars and as much as our medical clients want to be in compliance they will not want to pay more for a "secure email option" that we could implement at an additional fee. I have posted this question on a few Exchange discussion lists and no one has commented about using TLS so maybe its "ahead of its time" and I should just plan to "bite the bullet" and implement a costly solution. Thanks again for the thoughts, Kevin