HIPAA Security Rule

Where is it officially stated that I must use encryption for my emails to be HIPAA compliant?

The Security Rule of the original HIPAA legislation permits Covered Entities to use email as a way to electronically transmit protected health information (PHI) and requires that steps be taken to protect those transmissions. The requirements are detailed in the Technical Safeguards of the HIPAA Security Rule, section 164.312, which may be accessed in plain text or in a PDF document.