....most of my docs are going to ignore this anyway honestly....
Just, "No". (...for now.)
We have an audit & compliance office. They make it crystal clear HIPAA is the M.D.s' personal responsibility as it is. Several have been sacked, fines go to the MDs. Yes, facility will inevitably take a hit, but OCR negotiation on this point has been viable.
Appeal on "you aren't the bad guy", and "it is just another regulation the M.D.s need to follow." Do have CYA documentation. HIPAA action could impact you personally.
It might be worth turning it on its head, by that I mean pointing out that unless you can prove your documentation is the irrefutable source of all knowledge, it's never going to be referred to in that way. We already have a source of (nearly) all knowledge; it's called google-fu.
I tried moving us to a TS environment about 4 years ago - I couldn't get past the thin clients 'flashing' on websites that used Adobe Flash. When moving between screens on our EMR of the time the whole window would flash white before going to the next screen. I posted about it on SW... someone posted a reason why (can't recall now). Never had the problem when using a Windows machine as a terminal into the TS.
In the end it worked out since our current EMR strictly forbids TS.
I've found that iOS calendar functions work better with push enabled, so I just turned off all notifications, sound, and such for email. Every couple of hours or so, I'll process my inbox, as well as make sure that I'm at zero before bed and when I wake up. During the workday, I process my inbox about every 40 minutes or so, but constantly work out of my "next" folder. The reason for this is that I found out that constantly trying to keep up with my email was preventing me from really getting into projects and tasks effectively. This way, I can still keep on top of email and address actionables, yet I can still perform non-email tasks effectively.
Setting Postfix up as a smarthost's pretty straightforward. I've done it in reverse as an inbound mail gateway instead of using an MS Exchange Edge Transport role. I'm guessing you'd be allowing access based on IP?
While you want to keep it simple, I can't stress strongly enough to use at least outbound spam filtering. That way, in case you do somehow start churning out spam, it'll get caught before your IP gets blacklisted.