Data security and privacy controls are things to consider carefully. Depending on the jurisdiction you fall in, there can even be legislation that you need to follow (e.g. HIPAA).

Having a strong data protection and a clear privacy statement is not only good for your peace of mind, it also demonstrates that you care about your customers data and set you apart from other healthcare businesses. Here in the Europe there are strong directives for protecting private identifiable personal data and especially anything related to healthcare.