The large hospital (~10000 employees) I work at (though not as a medical doctor despite the user name) has a secure file transfer web application that we use for this thorny issue.
The workflow works with the sending doctor going to https://transfer.examplehospital.org.
You sign in with your hospital credentials and upload files and specify one or more recipients and possibly add on a message. The files are stored encrypted within the web application.
They receive an email saying person A has transferred files to you from examplehospital.org, please click the link to here. If they are a new user, they create an account. They get a short-lived registration token via email, click it, and then can set a password. Now they are logged into the application and can download their images over https (encrypted).
Similarly, a doctor at another institution can send encrypted PHI to you by creating an account, logging in, uploading an image and sending it to a doctor at your institution. (However, either the sender or the recipient has to be at your institution.)
The hospital didn't create this service themselves; the logo at the bottom indicates that it's done by Accellion and there are likely many similar competing products. (I have no familiarity with the cost/ease of setup/maintenance; other than from a user standpoint it's relatively straightforward to use; granted you have to be careful of sending PHI to compromised email accounts). But products like this exist and work well; I'd search for something like 'secure file transfer hipaa'.
EDIT: I should clarify, this should not be used for routine file transfers; but only the types of files you may feel the need to email (e.g., for the patient who transfers to a remote clinic you've never previously worked with). For routine cases, you should set up a workflow where some doctors/patients at related institutions can push images to remote PACS in a convenient fashion.
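The registration step described above (a short-lived token emailed to a new recipient, who then sets a password) can be sketched as follows. This is an added example, not part of the original answer and not the vendor's code. The class name, the 15-minute lifetime, the in-memory store and the sample address are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumption: the answer only says "short-lived"


class RegistrationTokens:
    """Hypothetical in-memory store of pending registration tokens."""

    def __init__(self, ttl=TOKEN_TTL_SECONDS, clock=time.time):
        self._ttl = ttl
        self._clock = clock
        self._pending = {}  # sha256(token) -> (email, expires_at)

    @staticmethod
    def _digest(token):
        # Only the hash is stored, so a leaked store does not yield usable links.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, email):
        """Create the token that would be mailed to a new recipient."""
        email = email.strip().lower()
        # A fresh request invalidates any older token for the same address.
        self._pending = {d: v for d, v in self._pending.items() if v[0] != email}
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._pending[self._digest(token)] = (email, self._clock() + self._ttl)
        return token

    def redeem(self, token, email):
        """Return True exactly once: right address, before expiry."""
        # pop() makes the token single use, even if the checks below fail.
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return False
        bound_email, expires_at = entry
        if self._clock() > expires_at:
            return False
        return hmac.compare_digest(bound_email.encode(), email.strip().lower().encode())


if __name__ == "__main__":
    store = RegistrationTokens()
    addr = "dr.b@remote-clinic.example"  # constructed sample address
    t = store.issue(addr)
    print("first use:", store.redeem(t, addr))   # accepted
    print("replay:   ", store.redeem(t, addr))   # rejected
```

The token only proves control of the mailbox at the moment it is redeemed, so it does not help if the recipient's email account is already compromised.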