Rich,
Just make sure that everything that is on your WIFI is using a WPA/WPA2 key to talk to the access point (ala Bert's suggestion above), and you can put your mind at ease.
As far as the portable cellular hotspot - enable WPA/WPA2 and you'll be running encrypted there as well.
Don't let the FUD get to you, sounds like you have a solid plan to protect your practice and your patient data.
Seriously doubt that an account rep selling DSL has years of experience in IT security, much less ISSA experience. (
https://www.issa.org/)