UpDox, LogMeIn, and (I greatly suspect) Quest Labs use encrypted connections. The encryption occurs between client and server, and once they have a encrypted session started at the very beginning, there is no information in the clear.
Examples of things that are no-nos, as Bert mentioned, unencrypted emails with patient data, a letter attachment that mentions patient data, or uploading a patient record through FTP.
To be clear, the rules are no different between a wired or wireless connection; the communication is encrypted or it isn't.
Sounds like the infamous FUD technique - Fear, Uncertainty, and Doubt.
