Doesn't surprise me. They would already be implementing legislation to restrict the use of encryption if they could.
As a business with data protection responsibilities, and particularly after the Sony hack, one would have thought that standard business practice now (to satisfy legislative and fiduciary responsibilities) would be to encrypt everything, both in transit and at rest. Not to do so these days - IMO for any business, not just HIPAA - is basically irresponsible and should be illegal and evidence of negligence. I would like to see increased shareholder activism and pressure on legislators to make this mandatory. And sadly, I think this is the best way to fight the silly give-us-your-golden-key mentality that persists and keeps on returning like some bad B-grade horror movie.