I was wondering what steps if any need to be taken to ensure that the patient and operational data is secure on a machine and or across the network.
Chris,
I'm far from an expert but until more knowledgeable folks respond I'll offer a couple of quick suggestins. First, in your postgres data/ directory modify pg_hba.conf. Specifying hostssl and an appropriate authentication method will help. Second, partition your users into postgres role specifying what each role can access and do.
The postgresql-9.6-US.pdf manual has all the details.
Another thing to consider is DO NOT create your tables in the public schema. Instead, create a separate schema, then only grant access to that schema and tables to users that are authorized to access them.
--
Melvin Davidson I reserve the right to fantasize. Whether or not you wish to share my fantasy is entirely up to you.