As for the 'encryption', since this needs to meet the HIPAA requirements, have you met with the Healthcare provider's administrative and legal staff ?
Now a few questions ...
What 'version' of SQL Server are you using ?
What 'edition' of SQL Server are you using ?
Are you considering 'encryption' at the :
- operating system level
- database
- table
- column
As for database backups - do they need to be 'encrypted' at rest ?
RegardsRudy KomacsarSenior Database Administrator"Ave Caesar! - Morituri te salutamus."