The policy of not asking about personal medical information by regular email is sound.
I work as an engineer(not in the US) in a governmental capacity and we would never ask for sensitive material to be sent byail.
We do however have a secure service in our web page where you can upload such material, with the option to cc in people by mail to alert them that you have sent something. Otherwise it will take a day for our archive to send it the right way.
Edit:
We have more secure options, but that requires an invite/link. We ofc can handle proper secret stuff as well, but that involves a seperate intranet and secure terminala and so on.
The policy of not asking about personal medical information by regular email is sound.
I work as an engineer(not in the US) in a governmental capacity and we would never ask for sensitive material to be sent byail.
We do however have a secure service in our web page where you can upload such material, with the option to cc in people by mail to alert them that you have sent something. Otherwise it will take a day for our archive to send it the right way.
Edit: We have more secure options, but that requires an invite/link. We ofc can handle proper secret stuff as well, but that involves a seperate intranet and secure terminala and so on.