I'd recommend against it personally. AC Offsite Backup only lets you back up the database. While other services will let you backup everything, incrementally too. Which will save you a lot of bandwith and time.
1. DropBox is typically avoided for such things as it is not HIPAA Compliant. It would be if you encrypted all files before they went into the dropbox. Something like TrueCrypt or AxCrypt+Dropbox could work.
2. It is. Given enough time, anything can be hacked.
3. Everytime you connect that ethernet cable, you open your door to hackers. I wouldn't worry too much about it assuming you use good passwords and leave the firewall on.
4. They're all pretty good. Some have more advanced features than others. iBackup is probably the most feature heavy with the ability to backup Active Directory, SQL, SharePoint, and Exchange. It's also the most expensive. It all depends what features you want. For basic file backup like those .enc files, I'd use CrashPlan. There's many other options, JD, Carbonite, Mozy.
5. Most services that are HIPAA "compliant" advertise heavily that they are HIPAA compliant.
That's a great backup system.
.png "ACUF Donor I")
