But we do NOT want random government employs accepting data in random format by email they just decided that are safe and non-executable. It is not like the admin lady in the office got an extensive training about what can be done with pdf, xls, usb stick, txt and what not.
They just have no idea. From this woman point of view, pdf in email is as safe as usb stick in a an envelope.
Agree that this is a very messy situation.
Most health information transferred online between patients and other entities goes through a portal rather than email to ensure PHI isn't transmitted over unencrypted SMTP or simply forwarded on to some insecure mail server. I.e. data loss prevention.
Wherever it goes, there are a various services that can be used to ensure the file is not malicious. Probably API integration with Palo Alto WildFire or ICAP protocol with Opswat would be the best choices. Neither would be affordable for small government offices.