by noir_lord 3526 days ago
I'm in the early stages of planning a system that holds medical data as a side project and the security aspect is giving me real pause about going ahead. I just don't know if I can reach a level of security I'm comfortable with while allowing users to enter that kind of data.

The existing standards are mostly crap and I'm a generalist, not a security expert.

1 comments

We've done a few patient management platforms; feel free to reach out to me if you want to bounce ideas - they're not as hard as you think, and you can generally find an acceptable balance between encryption / security / safety, effort & usability. Your local gov/medical board will also have guidelines available of standards you need to adhere to when handling confidential patient data over the wire; most of these docs are pretty old school but can be adapted easily with modern libraries and practices.

The harder bit is keeping nefarious actors out when they're determined to get in, and the hardest bit is user carelessness.

Thank you, I might just do that.

I'm in the UK but I've found the American standards often more informative as a guide when it comes to just getting an overview.