If you're storing HIPAA data and/or PII then just make sure it's encrypted at rest. We just did this at my workplace by using full disk encryption on the disk which stores the DB files. That may not be the best solution, but it appears to work well enough.
-- -----BEGIN GEEK CODE BLOCK----- Version: 3.12 GIT d- s+ a- C++++ L+++ S++ B+ P++>++++ E++ W+++ N o? K- !w++++ O- M- V? PS++ PE- Y+ PGP t+ 5+++ X R+ tv b+++ DI++ D++ G+ e-- h- r++ y ------END GEEK CODE BLOCK------
