Offsite backup is best for HIPAA compliance, and encryption is not necessary. The technical requirements for HIPAA are minimal, and more concerned with policies/procedures. If you're contracting with a third-party,...