As HIPAA's language is somewhat vague when it comes to actual technical requirements, what are best practices for PHI encryption for HIPAA compliance?

I've seen varying levels at different organizations. Some just encrypt it in transfer, some when at rest as well. One organization I dealt with required PGP encryption of files even when transferring over SFTP.

John Straka
    Encryption when "at rest" should have always been a necessity, independent of HIPAA compliance. The first time a staff member loses a laptop with patient data that is unencrypted... –  Nov 06 '11 at 15:41

3 Answers

20

I work in healthcare integration and dealing with encryption is a must. If we are designing real-time HL7 interfaces to 3rd party vendors who are outside of our corporate network then we absolutely set up a full time dedicated and of course encrypted VPN connection between the two of us. That's mostly because a lot of applications can't support SSL encryption on a HL7 TCP/IP interface (although most integration engines do).

When doing file transfers we insist on using FTPS (FTP over SSL) or SFTP (Secure File Transfer Protocol). Some vendors require us to do PGP encryption and signing of files as well.

At a minimum you must have transport encryption. On top of that, data encryption can only help.
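As an added illustration of the point that transport encryption is the minimum, here is example code written for this page (not code from the answerer or from any vendor or integration engine): a Python `ssl` context for the client side of a TLS-wrapped HL7 TCP/IP or FTPS-style connection. It pins the protocol floor to TLS 1.2, allows only forward-secret AEAD suites, requires certificate and hostname verification, and includes a small audit function that can run as a startup self-check, with a deliberately permissive context beside it to show what the audit flags. The vendor hostname, port and CA bundle path are placeholders.

```python
import ssl

# Forward-secret AEAD suites only (TLS 1.2 names). TLS 1.3 suites are all AEAD
# and are enabled by OpenSSL regardless of this string.
HARDENED_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!RC4:!3DES"

# Substrings that mark legacy or broken suites; used by the audit below.
WEAK_MARKERS = ("RC4", "3DES", "DES-CBC", "MD5", "NULL", "EXPORT", "ADH", "AECDH")


def hardened_client_context(ca_bundle=None):
    """Client-side TLS context for an integration interface: TLS 1.2+, AEAD-only
    suites, and mandatory peer certificate and hostname verification.
    ca_bundle is an assumed path to the vendor's CA certificate file; None falls
    back to the system trust store."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_bundle)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(HARDENED_CIPHERS)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def legacy_client_context():
    """Counter-example: what "just use TLS" often looks like in practice. Default
    suites, and verification switched off to make a vendor certificate "work"."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx):
    """Return a list of findings for a context; an empty list means it meets the
    floor set above. Run it before opening a channel and refuse to connect on
    any finding."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol floor below TLS 1.2")
    if ctx.verify_mode != ssl.CERT_REQUIRED or not ctx.check_hostname:
        findings.append("peer certificate verification is not enforced")
    for suite in ctx.get_ciphers():
        name = suite["name"]
        if not suite["aead"] or any(m in name for m in WEAK_MARKERS):
            findings.append(f"non-AEAD or legacy suite enabled: {name}")
    return findings


if __name__ == "__main__":
    ctx = hardened_client_context()
    print("hardened context findings:", audit_context(ctx) or "none")
    print("legacy context findings:", audit_context(legacy_client_context()))
    # Usage on a real interface (hostname and port are placeholders):
    # import socket
    # with socket.create_connection(("hl7.vendor.example", 6661)) as raw:
    #     with ctx.wrap_socket(raw, server_hostname="hl7.vendor.example") as tls:
    #         tls.sendall(hl7_message)
```

The audit deliberately checks three independent things (version floor, verification, suite quality) because any one of them left at a permissive default undoes the other two; an interface that negotiates AES-GCM but skips certificate verification is still open to an in-path party.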

8

As a note about "data at rest". For our MSSQL Servers, we have implemented Transparent Data Encryption (TDE). We are regarding this as within the bounds to protect PHI. To be fair, we don't handle claim or patient info.

RateControl
5

"Best" practice is risk assessment and risk mitigation. Encryption is only one of the layers of risk mitigation.

Use of encryption algorithms certified by FIPS 140-2 Annex A would be best practice; generic use of TLS or SFTP without configuring cryptographic ciphers appropriately doesn't cut it.

Use of database layer data encryption may be appropriate, for instance, if there is a risk that physical hardware may be stolen; if the hardware is in a hardened data center, use of database layer encryption may impress people ("our data is encrypted at rest") without appreciably mitigating disclosure risks.

  • 2
    Additionally, there is a difference between the perceived safety of an encrypted-on-disk database storage system (with the keys also on the disk) and having a physical separation to keep unauthorized personnel away. –  Oct 28 '11 at 18:52
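The answer's remark about database-layer encryption and the comment about keys kept on the same disk both come down to where the key lives. The following is an added example for this page, not code from any of the posters, that compares the two at-rest layouts side by side: a data encryption key stored beside the ciphertext, versus an envelope layout where the data key is wrapped under a key-encryption key that never touches the data volume. To keep it runnable anywhere it uses a toy authenticated-encryption construction from the standard library (HMAC-SHA256 in counter mode as keystream, encrypt-then-MAC); a production system would use AES-GCM from a FIPS-validated module, and the "KEK" here stands in for a key held in an HSM, KMS, or on a separately managed host. The sample record is constructed and contains no real PHI.

```python
import hmac
import hashlib
import os

# Toy authenticated encryption built only from the standard library so the
# example runs anywhere: HMAC-SHA256 in counter mode as the keystream, with a
# separate HMAC-SHA256 tag (encrypt-then-MAC). Not a substitute for AES-GCM from
# a validated module; the key-handling lesson below is the same either way.
NONCE_LEN, TAG_LEN = 16, 32


def _subkeys(key):
    # Domain-separate the encryption and MAC keys from one 32-byte master key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(enc_key, nonce, length):
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(enc_key, nonce + counter.to_bytes(8, "big"),
                               hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def encrypt(key, plaintext):
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key, blob):
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("record failed authentication")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def store_key_beside_data(record):
    """Layout 1: the data encryption key (DEK) is written to the same volume as
    the ciphertext, the situation the comment above describes."""
    dek = os.urandom(32)
    return {"dek": dek, "record": encrypt(dek, record)}


def store_with_envelope(record, kek):
    """Layout 2: the DEK is itself encrypted under a key-encryption key (KEK)
    that is never stored on the data volume (assumed to live in an HSM, KMS,
    or on a separately managed host)."""
    dek = os.urandom(32)
    return {"wrapped_dek": encrypt(kek, dek), "record": encrypt(dek, record)}


def readable_from_volume_copy(volume):
    """What a copy of the volume alone yields: the plaintext in layout 1, and
    nothing in layout 2 because the DEK is present only in wrapped form."""
    if "dek" in volume:
        return decrypt(volume["dek"], volume["record"])
    return None


def read_with_kek(volume, kek):
    """Authorised path for layout 2: unwrap the DEK with the KEK, then decrypt."""
    dek = decrypt(kek, volume["wrapped_dek"])
    return decrypt(dek, volume["record"])


if __name__ == "__main__":
    # Constructed sample record; no real PHI.
    phi = b"MRN 000123 | DOB 1970-01-01 | dx: sample"
    kek = os.urandom(32)  # stands in for a key held off the database host
    print(readable_from_volume_copy(store_key_beside_data(phi)))    # plaintext
    print(readable_from_volume_copy(store_with_envelope(phi, kek)))  # None
    print(read_with_kek(store_with_envelope(phi, kek), kek))         # plaintext
```

The point the comparison makes is the one in the comment: with the key on the same volume, "encrypted at rest" only protects against a disk that leaves the building without its key, so the mitigation is real only when the key is held and access-controlled separately from the data it protects.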