|"server off site"|
Whoa! That is a whole can of worms with HIPAA.
Usually, starting small, you would have your own server and your office should have an alarm system preferably monitored.
Backups should be off site which in your case home would be fine as long as its miles away.
You could talk to the EMR software company and see if they have any hosted solutions.
Concerning a server you would first want to determine if this product could run on the server platform and then which platform for example 2003 server or 2008 server.
Your would need help transferring the existing pc based database to the server.
You server should have mirrored drives as a minimun and under a 3 year 7x24x365 on site maintenance warranty so if any of the hardware goes heywire you have someone in to fix it immediately.