Best practices for keeping the web server data protected

Question

Lets say I run a medical facility and want a website where my users/patients can lookup their private records. What would be the best solution

Answer 1

While josh poley's and Bala Subramanyam's are good answers, I would add that, if the core value of your business is security you should:

• Hire the best security hackers out of there, pay them very well and make them proud of working for your company
• Hire the best programmers out of there, pay them very well and make them proud of working for your company
• Host your servers into your own buildings, possibly at different longitudes

Hackers and developers will be your main asset, and they should know that. Indeed we can list most common security practices here, but applying our suggestions you won't make your system truly secure, just funny to hack.

When security matters, great talents, passion and competence are your only protection.