[ale] [OT] securing sensitive data
J.M. Taylor
jtaylor at onlinea.com
Fri Jan 23 14:02:11 EST 2004

All:

I'm building an application that at the very minimum needs to be HIPAA
compliant (HIPPAA? I can't remember the stupid acronym). I have the
luxury of a private, non-internet-connected network and plan to do a hardened
linux server running mysql to store the data. As to the front-end, I
would prefer a web app but it's up to my client and how they feel that
would be perceived security-wise. If I don't do a web app, I'm going to
do a perlTK app, because I know I can secure either of those things. The
clients are all Windows of various vintages. Physical security is nearly
nil, but I can probably manage to store the server in a locked closet.

Now. Here's the fun part. Everybody has access to certain sensitive data,
and only certain people have access to other sensitive data. I would
ideally like to keep all sensitive data encrypted (PGP/GPG) in the
database. My first quandary is -- putting a private key on the client machine
seems like a BAD and non-secure method of protecting the data. I'm almost
equally nervous about storing their private keys on the server, which at
least I know will be maintained primarily by me.

My second quandary is, how on earth do I protect both shared and
individualized sensitive data? Would just a shared secret key and 2-way
encryption be enough for the shared data?

My third quandary is, if I store all the data encrypted, searching will be
an absolute nightmare. Encrypting and decrypting will be expensive,
and when I say "linux server" I mean a discarded PII400 with 512Mb RAM
at absolute best. The app is only going to be used by a couple dozen
people, but still...12 people simultaneously trying to encrypt and
decrypt would be horrible.

I know nothing about this kind of thing...I know what to be worried about,
but I'm totally tying myself up in knots trying to sort all of this out.
Any resources, pointers to howtos, thoughts and experiences would be
greatly appreciated.

Thanks
Jenn