After reading all of the available materials, I think you have mischaracterized the petition and have missed the mark as to why this petition should not be accepted. The petitioner is not asking for encryption to be allowed for all traffic on all ham bands, as you have suggested at your site:
"FCC is currently processing a request for rule-making, RM-11699, that would allow the use of Amateur frequencies in the U.S. for private, digitally-encrypted messages."
This is a grossly misleading statement, as it overbroadens the actual scope of the petition. When boiled down, the petition is really only asking for one new thing:
"(c) intercommunications when participating in emergency services operations or related training exercises which may involve information covered by HIPAA or other sensitive data such as logistical information concerning medical supplies, personnel movement, other relief supplies or any other data designated by Federal authorities managing relief or training efforts "
For (c) to be valid, there must be emergency services operations happening. No encrypted operations would be authorized at any other time, and certainly there would be no general authorization to send encrypted traffic over Amateur Radio except under these narrowly-defined circumstances.
That said, this is still a bad idea, except for other reasons. The potential for abuse here is not in the use of Amateur Band by unauthorized persons. The potential for abuse here lies in the misuse of the Amateur Bands as a Law Enforcement or Emergency Services medium, which is completely contrary to the mission and purpose of Amateur Radio. Indeed, all emergency services are already granted their own spectrum, upon which encryption is allowed. Anyone acting in a medical emergency service who could possibly be the authorized recipient of PHI is going to also be equipped with a radio operable in these bands.
In essence, this proposal would serve to "militarize" Amateur Radio in times of emergency, and possibly be abused by the State to quash the voices of Amateur Radio operators during a declared emergency, and even prevent them being able to lend assistance.
Furthermore, it would appear that the petition is moot, since HIPAA already has provisions for the "incidental disclosure" of PHI during the treatment of patients. These provisions were included to address the specific problem this petition seeks to address, which is the use of unencrypted radio systems to communicate between emergency services personnel to facilitate the treatment of patients in the field. So, there is no need to allow encryption to "protect" those who are authorized to transmit and hear PHI under HIPAA. They are already protected.
Amateur Radio operators have no business participating either directly or indirectly in the treatment of patients outside of rendering first aid or other Good Samaritan works that are already completely protected from liability by Law.
In conclusion, the laws as they are written today provide for the communication and indirect disclosure of PHI by emergency services personnel over unencrypted radio systems, and Amateur Radio rules allow non-Amateurs to use the Amateur Bands under the supervision of a licensed operator. There is nothing that needs to be done, and the petition should be dismissed as moot.