Query regarding Thunderbird

  • 2 replies
  • 1 has this problem
  • 9 views
  • Last reply by apc2003

We would like to install Thunderbird but our ITS team have some concerns about security. They would like to get feedback to the following questions. Your response is highly appreciated.

1. Is the data Encrypted at transmission?
2. Is the data Encrypted at rest?
3. Which of the following below are you compliant to?

   HIPAA
   GDPR
   SOC2
   HITECH
   FERPA

4. Does your application protect Personally identifiable information (PII), as defined in GAO-08-536 Privacy Protection Alternative https://www.gao.gov/products/GAO-08-536
5. Does the application protect Research data as defined in Title 45 CFR §46.101 et seq https://www.hhs.gov/ohrp/regulations-and-policy/guidance/faq/45-cfr-46/index.html
6. Does your organization have a data privacy policy?
7. Have you had a significant breach in the last 5 years?

All Replies (2)

I will reply with exactly the same list of questions as this is a communication process.

Thunderbird can only use encrypted communications if the server supports it and it is not being intercepted by, say, an antivirus using self-signed encryption certificates. So is your mail server HIPAA compliant? Does it store mail in an encrypted state when at rest? It is not a function of the mail client (which is a local application) to be HIPAA compliant; it is a process involving all steps of the process from composition to delivery and archival storage. Have a look at this list of the 10 best HIPAA compliant email providers. Notice no Thunderbird, no Outlook, no locally installed mail clients at all.

Number 9 on that list, Proton Mail, does offer a Thunderbird bridge. But as for compliance, you might want to ask them. Thunderbird can use P2p and S/MIME for end-to-end communication. It does not force it. The Proton Mail bridge does, apparently.

GDPR is an EU standard. How you manage your emails is up to you, so whether you are compliant or not is not a factor in the mail client but in how it is used.

Your point 4 needs to be rephrased as "does your device protect the data". Thunderbird stores data on your hard disk, just as any other desktop application does. It is something for IT to decide if the security surrounding local storage of PII is sufficient or they need to upgrade their arrangements.

Thunderbird does have a privacy policy, but remember that none of the data about your clients or emails is actually stored remotely on Thunderbird servers. The email is stored locally on your device and on your designated mail server. Hence the way the privacy policy is worded. https://www.mozilla.org/en-US/privacy/thunderbird/

Many thanks for your response. This is noted and forwarded to our ITS team.

Sorry but there is one more question from them. Please find it below. Many thanks for your assistance and patience in responding to our queries.

Which of the following below are you compliant to? HIPAA GDPR SOC2 HITECH FERPA