Yeah my big main concern is the HIPAA compliance...especially since theres some legislation now about prosecuting administrators when there is a breach of security :x

Thanks for all the suggestions guys...I got a team at CDW now working up a solution as well that would be HIPPA compliant...gonna see what they recommend...I imagine its gonna be about the same as what you guys recommended, with the VPN equipment.