Tim, I use W2K NTFS with encrypted passwords, which I presume is difficult to crack, in addition to a physical barrier (a securely locked closet). I use a bios password, although there is a physical jumper to reset the bios (and the password). The floppy and CD are disabled from the boot process to prevent booting an alternate OS.
Since the link is made from the remote backup to the server, little knowledge exists at work as to the location of the backup machine. In addition, the VPN is encoded so that it should be very difficult to intercept the data enroute between the two systems. Lastly, I am a firm believer in being "under the radar" with most things. It is unlikely that a common thief would target my home (we live in a modest tract home) and in the event that the backup machine was discovered in a breakin, what interest would they have in medical records, assuming that they could be accessed? My concern was of the legality of storing the records in a personal residence, here in the US. While I am no longer concerned about our disaster recovery procedure should the main facility be destroyed, I have my reservations about warehousing the data at home. Until a better solution is presented, this will have to do. Mike
