Not sure about the backups. All mine are encrypted. James has some good points, but I'm not sure I would just go with a free solution like BitLocker.
If you keep PHI on your clients, then you deserve to pay the HIPAA penalties. That is what a server is for.
