When will CC be completly HIPAA compliant with End to End Encryption

We have had a longstanding account with Constant Contact but when it came to developing a patient-communications database for marketing purposes, we discovered that CC emails are not end-to-end encrypted nor is the email database storage encrpyted/safe for PHI. We switched and now send monthly emails . The security  is great but it lacks many of CC's great features and is very difficult to work with. When will Constant Contact develop a truly end-to-end HIPAA compliant feature that allows us to come back for these marketing emails? I can't believe CC is so far behind on this. Would love to know if this is in development. A BAA agreement along is not sufficient.