I've had a few people wanting to use 3rd party email for business work in the past, but with the current HIPAA and SOX regs, the auditors will back me up on telling them they need to quit that. I realize not everyone operates in that environment, or under those circumstances.
HIPAA is specific to health privacy issues and SOX (Sarbanes-Oxley) only covers audits of publicly held companies....
Sending HIPAA data via email should be done via PGP or a CERT, but there is nothing limiting the originating IP.
Auditors frequently misunderstand technical topics and react with a shotgun approach.
SOX is really concerned more about accountability than confidentiality and, because of that, encrypted email is actually a bad thing here. Corporations would be required to hold private keys of officers for up to 7 years in order to comply with this...
The only place where SOX might apply is if a corporate officer were emailing confidential, audit-related information from an external location... which means they're probably on shaky ground anyway.
In order to comply with SOX, corporate officers would have to surrender their private keys and those would have to be kept in a secure location for 7 years to permit auditors to read all related email. Note that this is true for internal and external email.