I had a medical company inquire about this during our negotiations. They did some investigating and Scan to Email is indeed HIPAA compliant, provided that their email provider/email server meets the security standards. Scanned documents don't get stored on the hard drive, nor does the email go anywhere except from the email server to the recipient's inbox. If email is HIPAA compliant, then Scan to Email is just fine.
If your customer is still concerned, you can upgrade them to have Scan to Encrypted PDF. Most brands offer DoD encryption standards to password protect scanned files that get sent.
I highly recommend everybody read this article: http://www.techrepublic.com/bl...-securing-your-data/
Edit: Sounds like inexperienced IT trying to cover their own ass after reading some article off the web. Tell them to pick up the phone and check their facts first! 