There is no such identifiable thing as "HIPAA compliant encryption" AFAIK; there is only what is considered best practices, and that's an entirely locally-mandated discussion, and it's a moving target, particularly with encryption.
This usually involves a discussion with somebody that specializes in regulatory compliance — the consultant or auditor that Linc Davis mentions would be an example — and what's then selected and approved by your regulatory compliance and lawsuit-avoidance folks (involving your "security official", whoever that may be), and usually what's recommended by an external entity with sufficient insurance coverage that's been formally retained in the organizational "backside covering" or "risk shifting" role.
Here's a summary of the regulations, and here are (some of) the specific details of the requirements.
Not running a current version of OS X in this particular context does seem ill-advised, however. While Best Practices is inherently a moving target, older software versions will not likely be considered Best Practice. Older versions tend to have errors and older encryption implementations, and these can be fixed or updated or replaced in newer versions, after all.
I'd tend to assume that FileVault 2 or equivalent will be minimal here (particularly for mobile devices and to reduce the risk of data exposure due to wholesale device theft), though the access auditing and related is going to be central to the discussion. You may well want and will probably need to encrypt specific data, but you're definitely going to need accountability and auditing and access control atop the encryption.
Linc Davis is correct. Engage a specialist here.