I think some things such as:
1. Email archival
2. TLS delivery support (forced TLS); and opportunistic TLS if other encryption methods are used
3. S/MIME support
4. PGP support
5. Web-based secure email pickup support
6. Minimum price which includes email encryption
7. If they sign a Business Associate Agreement
8. Secure email sending and receipt on mobile devices
9. Ability to send a secure email to anyone (e.g. including people outside "the system")
10. Ability to receive a secure email from anyone (e.g. a facility to enable anyone to send you a secure email for free if they have no secure email themselves)
11. IMAP access to email
12. ActiveSync access to email (calendars, contacts, etc.)
13. Support for bulk or mass transactional compliant email messages
14. Retracting of messages sent
15. Read receipts (100% reliable) of messages sent
16. White labeling of the secure email system
17. Ability to "opt out" of security and send (non-PHI) messages without special encryption
18. If encryption is "opt in" and reliant on the sender to tag it for encryption (not as good as opt out due to the potential for mistakes)
19. SSL WebMail access to email
20. TLS/SSL support is TLS v1.0+ only and only using FIPS recommended ciphers (not weak ones) needed for HIPAA compliance
What Level of SSL or TLS is Required by HIPAA? - LuxSci FYI
21. Option for email on a dedicated server for added security and privacy
22. Email Marketing with a Constant Contact-like web-based mailing program for messages that may contain PHI.
23. Level of support
24. Two-factor auth for web logins
25. Password expiration, reuse, and strength options
26. Support for DKIM and SPF
27. No need for custom applications or software (e.g. you can just use your browser or something like Thunderbird)