I know that there are 1000 posts with regard to HIPAA requirements, but I was hoping someone could tell me if this new config would pass for HIPAA compliance.
First, a little background about the client. This is a small insurance company that works with several other insurance companies for policies. The current owner is someone I have known for a while. He is an older gentleman, in his 70s, and is very old school. I think he might have written Noah a policy for his ark. Anyway, the current system they have in place is very piecemeal. It has a couple of Windows XP machines, one Vista machine and 3 or 4 Windows 7 machines, along with an old Dell Vista desktop that was converted into a server with Windows 2K Server installed on it. The company is being sold to one of the employees, which is bringing them out of the stone age, and she realizes that system changes are going to need to be made.
Here is what I am recommending and why. Please feel free to recommend any changes that need to be made to make it HIPAA compliant.
- They are looking at changing their current email provider over to Office 365. They are looking at Office 365 Small Business Premium, mainly because it gives them Exchange and access to the most recent versions of MS Office. My only concern with this is: is Office 365 secure enough on its own for transmitting emails that may very well be carrying ePHI data?
- Looking at upgrading their server to a new Dell server with Windows SBS 2011 Essentials. They want to go with this version because they can't upgrade any of the XP clients at this time, so they need a server that supports them; that is why I am not going with 2012 Essentials. Also, they want something that can back up all of the client PCs on the network from one central interface.
- Looking at configuring the server with a hidden/encrypted partition that will hold all of their data/backups. I am probably going to use TrueCrypt to handle this, or should I use BitLocker? My only question would be: how do I auto-mount the shared drive/partition upon boot? I know how to do it with TrueCrypt, just not BitLocker.
- They also like the idea of the remote access that SBS provides. My question with this is: is the default setup for this good enough? Or should I set up a VPN connection through their router/firewall and allow the same remote access, just not with a public-facing web site? Or should I skip this idea altogether?
- For all of the client computers, setting up another hidden/encrypted partition for storing the Outlook data files. Probably looking at setting the PCs up so that you have to enter a TrueCrypt password before they will boot.
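The BitLocker auto-mount question above is answered by the `manage-bde` tool that ships with Windows 7 / Server 2008 R2 (the base of SBS 2011): BitLocker "automatic unlock" stores the data volume's key, encrypted, on the OS volume, so the data volume only opens once the OS volume has itself been unlocked at boot. The script below is an added example for that setup, not code from the original post or from Microsoft; it assumes the OS volume is C:, the data/backup volume is D:, the server has a TPM, the recovery-password files are copied to an assumed offline location E:\BitLockerRecovery, and it is run from an elevated PowerShell prompt.

```powershell
# Added example (not from the original post): protect the data volume with
# BitLocker and have it auto-unlock at boot using manage-bde.
# Assumptions (labelled): OS volume C:, data/backup volume D:, TPM present,
# E:\BitLockerRecovery is an offline copy location, elevated prompt.
$OsDrive   = 'C:'
$DataDrive = 'D:'
$KeyBackup = 'E:\BitLockerRecovery'   # assumed: removable drive kept off the server

# BitLocker is an installable feature on Server 2008 R2 / SBS 2011.
Import-Module ServerManager
Add-WindowsFeature BitLocker | Out-Null
New-Item -ItemType Directory -Path $KeyBackup -Force | Out-Null

function Test-BitLockerOn([string]$Drive) {
    # manage-bde -status prints a "Protection Status: Protection On" line
    # once the volume is encrypted and its protectors are active.
    return [bool](manage-bde -status $Drive | Select-String 'Protection On')
}

# Auto-unlock only works when the OS volume is BitLocker-protected: the
# data volume's key is released by the OS volume after it unlocks at boot.
if (-not (Test-BitLockerOn $OsDrive)) {
    # TPM + PIN: a thief who carries off the whole box cannot boot C:, and so
    # cannot get the auto-unlocked D: either. TPM-only would hand them both.
    manage-bde -on $OsDrive -TPMAndPIN -RecoveryPassword
    manage-bde -protectors -get $OsDrive > "$KeyBackup\os-recovery.txt"
    Write-Host "Reboot after $OsDrive finishes encrypting, then re-run this script."
    exit 0
}

# Encrypt the data volume with a recovery password, then enable auto-unlock
# so the shared partition is available without anyone typing a password.
if (-not (Test-BitLockerOn $DataDrive)) {
    manage-bde -on $DataDrive -RecoveryPassword
    manage-bde -protectors -get $DataDrive > "$KeyBackup\data-recovery.txt"
}
manage-bde -autounlock -enable $DataDrive

# Verify: the status output should show "Protection On" and
# "Automatic Unlock: Enabled" for the data volume.
manage-bde -status $DataDrive
```

The recovery-password files are the only way back in if the TPM or the board is replaced, so move them off the server (AD DS can also store them) and do not leave them on the encrypted volumes themselves. Note what auto-unlock does and does not give you: it protects the data partition against the disk being pulled and read elsewhere, but anyone who can log on to the running server still sees the shares normally, so file permissions and the TPM+PIN on the OS volume are what actually gate access.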