I own a direct care podiatry practice. We have been using Square to give patients a superbill with diagnosis and treatment codes. If we email the superbill/invoice is it encrypted?
Michele Kurlanski, DPM
@lighthousefoot This is a tough one for me to answer. I did look at an invoice header and there is TLS encryption in the header coming from Square through Network Solutions to my Gmail. But, I can't guarantee this means there is end-to-end encryption that satisfies HIPAA requirements. I would have to have someone from Square chime in here to verify that this is true. I imagine that it does use e-mail encryption standards like "version=TLSv1/SSLv3".
That being said, if you want to guarantee that your data is secure and that no personally identifiable information is transferred, I would create the invoice and share it manually via a link. Square partners with SendSafely (which does offer a free level of service) to send "PII" back and forth. You could very easily create the invoice, and just send the encrypted link, and the customer can open and view the invoice securely.
Whenever a customer clicks on a shared invoice link it is https:// so it is securely encrypted, but I am not an expert on HIPAA and SSL compliance.
Lastly, you can also check out some of the partner apps in the Square marketplace for a fully functioning EHR solution that will cover you all the way around and use Square. Your question is a very good one, but I also wouldn't try to get cheap on security due to the major penalties for privacy violations.
https://squareup.com/us/en/app-marketplace/collections/health-and-wellness
https://squareup.com/help/us/en/article/6459-security-tips-for-sending-personal-data-over-email
Square is serious about security with their systems.
Hope this info helps.
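The header check described in the reply above can be repeated on any received invoice email. The following is an added example, not part of the original reply and not Square's code: it lists each `Received` hop and the TLS version that hop recorded, if any. The sample message, hostnames and addresses are constructed, and the `version=` annotation format is an assumption about how the receiving servers log TLS.

```python
import re
from email import message_from_string

# Constructed sample message: hostnames, IDs and addresses are made up.
SAMPLE = """\
Received: from mx.example-relay.test (mx.example-relay.test [203.0.113.10])
        by mx.mailbox.test with ESMTPS id abc123
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 02 Jan 2024 10:00:03 -0800 (PST)
Received: from app.sender.test (app.sender.test [198.51.100.7])
        by mx.example-relay.test with ESMTP id def456;
        Tue, 02 Jan 2024 10:00:02 -0800 (PST)
Received: from client.sender.test ([192.0.2.55])
        by app.sender.test with ESMTPSA id ghi789
        (version=TLSv1/SSLv3 cipher=AES128-SHA);
        Tue, 02 Jan 2024 10:00:01 -0800 (PST)
From: billing@sender.test
To: patient@mailbox.test
Subject: Invoice

body
"""

TLS_RE = re.compile(r"version=([A-Za-z0-9_./]+)")
HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)(?:\s+with\s+(\S+))?", re.S)

def hops(raw):
    """Return one dict per Received header, ordered sender -> recipient."""
    msg = message_from_string(raw)
    out = []
    # Each server prepends its own Received header, so reverse the list.
    for value in reversed(msg.get_all("Received", [])):
        hop = HOP_RE.search(value)
        tls = TLS_RE.search(value)
        out.append({
            "from": hop.group(1) if hop else "?",
            "by": hop.group(2) if hop else "?",
            "with": (hop.group(3) or "").rstrip(";") if hop else "",
            "tls": tls.group(1) if tls else None,
        })
    return out

def hops_without_tls_record(raw):
    # No annotation means "not recorded", which is not proof of plaintext.
    return [h for h in hops(raw) if h["tls"] is None]

if __name__ == "__main__":
    for h in hops(SAMPLE):
        print(f'{h["from"]} -> {h["by"]} ({h["with"]}): {h["tls"] or "no TLS recorded"}')
```

A TLS entry in a `Received` header describes the connection between two mail servers only; each server along the path still handles the message in readable form, so these headers cannot show end-to-end encryption.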