There are two primary protection needs for health data - when it is being transmitted between entities and when it is in storage. Both needs can be met with encryption, and you will see references in the health IT security space and in infosec generally to encryption of "data in transit" and "data at rest." For Internet transmissions, including those that involve cloud computing, the default for protecting data in transit is a connection-based protocol, and today that means TLS. The older SSL versions are no longer acceptable: SSL v2 has been known to be weak for years, SSL v3 was broken by the POODLE attack, and PCI DSS now prohibits SSL and "early TLS" (TLS 1.0) outright, so configure TLS 1.2 or later and refuse anything below it. Note also that server-side TLS only authenticates the server to the client; when both parties are health care entities exchanging PHI, the server should require a certificate from the client too. For instance, the security specifications for the Nationwide Health Information Network (NHIN) Exchange call for mutually authenticated TLS channels, with each participant presenting its own X.509 certificate.
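To make the "mutually authenticated channel" concrete, here is an added example in Go that is not code from the original article or from the NHIN specifications. It stands up an in-memory PKI (a throwaway CA plus one server and one client certificate, generated at run time so the program runs offline), configures a server that refuses anything below TLS 1.2 and requires a client certificate chained to that CA, and then runs three connections against it: a legacy client capped at TLS 1.1, a client with no certificate, and a properly enrolled client. The names "gateway", "participant" and "Demo Exchange CA" are invented for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// newCert issues an ECDSA P-256 certificate for cn. With parent == nil it is a
// self-signed CA; otherwise it is a leaf signed by parent/parentKey.
func newCert(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true,
		IsCA:                  parent == nil,
		IPAddresses:           []net.IP{net.IPv4(127, 0, 0, 1)}, // demo server listens on loopback
	}
	signer, signerKey := tmpl, key
	if parent == nil {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		signer, signerKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// pki holds the throwaway trust anchor and the two leaf identities (constructed for the demo).
type pki struct {
	pool           *x509.CertPool
	server, client tls.Certificate
}

func buildPKI() (*pki, error) {
	ca, caKey, err := newCert("Demo Exchange CA", nil, nil)
	if err != nil {
		return nil, err
	}
	srv, srvKey, err := newCert("gateway", ca, caKey)
	if err != nil {
		return nil, err
	}
	cli, cliKey, err := newCert("participant", ca, caKey)
	if err != nil {
		return nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	return &pki{pool,
		tls.Certificate{Certificate: [][]byte{srv.Raw}, PrivateKey: srvKey},
		tls.Certificate{Certificate: [][]byte{cli.Raw}, PrivateKey: cliKey}}, nil
}

// serverConfig is the hardened side: TLS 1.2 floor, and the client MUST present a
// certificate that chains to the exchange CA (mutual authentication).
func serverConfig(p *pki) *tls.Config {
	return &tls.Config{
		MinVersion:   tls.VersionTLS12,
		Certificates: []tls.Certificate{p.server},
		ClientAuth:   tls.RequireAndVerifyClientCert,
		ClientCAs:    p.pool,
	}
}

// clientConfig builds the client side. withCert attaches the participant certificate;
// a non-zero maxVersion caps the protocol, imitating a legacy SSL/early-TLS stack.
func clientConfig(p *pki, withCert bool, maxVersion uint16) *tls.Config {
	cfg := &tls.Config{RootCAs: p.pool, MinVersion: tls.VersionTLS12}
	if withCert {
		cfg.Certificates = []tls.Certificate{p.client}
	}
	if maxVersion != 0 {
		cfg.MaxVersion, cfg.MinVersion = maxVersion, tls.VersionTLS10
	}
	return cfg
}

// exchange runs one connection and returns the negotiated TLS version on success.
// Reading after the handshake matters: under TLS 1.3 the client's handshake returns
// before the server has checked its certificate, so a rejected client only learns of
// the rejection on its first Read.
func exchange(srvCfg, cliCfg *tls.Config) (uint16, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return 0, err
	}
	defer ln.Close()
	go func() {
		c, err := ln.Accept()
		if err != nil {
			return
		}
		defer c.Close()
		tc := tls.Server(c, srvCfg)
		if tc.Handshake() == nil {
			tc.Write([]byte("PHI over a mutually authenticated channel\n"))
		}
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), cliCfg)
	if err != nil {
		return 0, err
	}
	defer conn.Close()
	buf := make([]byte, 64)
	if _, err := conn.Read(buf); err != nil {
		return 0, err
	}
	return conn.ConnectionState().Version, nil
}

func main() {
	p, err := buildPKI()
	if err != nil {
		panic(err)
	}
	srv := serverConfig(p)
	for _, tc := range []struct {
		name string
		cfg  *tls.Config
	}{
		{"legacy client (TLS 1.1 max)", clientConfig(p, false, tls.VersionTLS11)},
		{"client without certificate", clientConfig(p, false, 0)},
		{"mutually authenticated client", clientConfig(p, true, 0)},
	} {
		if v, err := exchange(srv, tc.cfg); err != nil {
			fmt.Printf("%-32s rejected: %v\n", tc.name, err)
		} else {
			fmt.Printf("%-32s accepted, negotiated version 0x%04x\n", tc.name, v)
		}
	}
}
```

The first two connections fail and only the third carries data, which is the property a health information exchange wants: a peer that cannot prove its identity with a certificate the exchange trusts never gets a channel over which PHI could flow, regardless of what it knows about the server. In a real deployment the CA, the certificate lifetimes and revocation checking are the parts that take the most care; the in-memory CA here exists only so the example runs without files or network access.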
For encryption at rest, the first step is to decide to encrypt at all, since encryption of data at rest is "addressable" rather than "required" under the HIPAA Security Rule. Addressable does not mean optional: a covered entity must either implement the safeguard or document why it is not reasonable and appropriate and what it is doing instead. The easy reason to just do it is that encryption gives you an out from the federal health data breach notification rules, which apply only to "unsecured" protected health information. To qualify, the encryption has to follow the HHS guidance, which points to NIST SP 800-111 for stored data and to the NIST TLS and VPN guidance for data in transit, and the decryption key must not itself have been exposed; HHS advises keeping keys on a device or at a location separate from the data they protect, so an encrypted database with its key sitting on the same server does not earn the safe harbor. As for strength of technology, in the government you need to use encryption that meets FIPS 140-2 standards, and if that is good enough for the Department of Defense, it is probably good enough in general. Keep in mind what FIPS validation covers: it certifies the cryptographic module's algorithms and implementation, not how you generate, store and rotate keys or who can call the module. To apply this protection in the cloud, cloud customers should demand that providers use validated encryption technologies, keep keys separated from the data and under the customer's control where possible, and follow documented processes and procedures to safeguard the data placed in their custody.