The application must implement basic security behaviors:
Authenticate using at least a user name and a password.
Based on the user role, the user may only access categories they have been given permission to access.
Sensitive data must be encrypted (Patient Notes).
Data sent across the network cannot be modified by a tier.
In the later releases we may implement logging of sensitive actions.