There is no such thing as “a sure thing” when it comes to the transmittal along any public lines of communication. None.
Even the best encryption can fail if the person receiving the information is careless with it OR if the sender (meaning anyone in the physician’s office with access to it, including every low-level clerk) is not as trustworthy or competent as they should be.
Personally, I’m not in favor of “transmitting” sensitive material, anyway. Most banks and credit unions that I’m familiar with these days store account and statement information on their own servers, which are as reliably secure as they can make them – again, there is no perfection. Then the user has to log in with his account information to gain access to the limited information that is available to that account, and everything is done via https:, which is what most commercial sites use.
Except for the fact that most doctors’ offices are not as well-staffed or managed IT-wise as banks and credit unions, there’s no reason why they can’t subscribe to services who manage sensitive / secure information as their business, and handle the flow of information that way.