>> Actually, the whole point is that they CAN NOT.
>> Hippa [sic] mandates that they do not do that.
Sorry, but, nowhere in the HIPAA regulations is there language about this.
>> It would be possible for somebody to copy/paste
>> into the wrong window.
Believe it or not, happens just about every day in hospitals and other covered entities through email and other manners. This is by accident or not. Doesn't make it right, but it also doesn't mean that hospitals are going to be banning Outlook anytime soon.
They are putting more and more controls to look for outgoing PHI network traffic, and block from leaving the building. Education is also very important to making sure workers understand secured connections.