Encrypting for HIPAA compliance

I've scrounged through the available modules and found pieces that help, but not any thing that works for me. Does anyone else have similar needs?

I want my users to be able to enter their monthly hours for the volunteer work they do at our health care agency. The data must be kept private, per HIPAA regulations, which means no patient details available in clear text. I have HTTPS available, and have made a webform that collects the data, but it is stored on the server/SQL in clear form. Also, I can make the tabulated data emailed to the volunteer coordinator using GPG with her public key, but this becomes an inelegant, cookbook solution that even so, is not quite complete. Is there a better way to do this? CSE (Client side encryption) had potential of being able to help, but didn't give me what I needed.

I would like:

1. Volunteer fills out form that has patient name, activities, dates and hours, miles driven, etc.
2. User does not need to know or enter password (always use recipient's public key, can be hardcoded)
3. Usable enough for your grandmother (e.g., type info, click submit)
4. At any point in this process, no patient data is exposed, except by shoulder-surfing or by recipient with key pair.

Suggestions are welcome.

One alternative is for the user to download a PDF form that is password-protected, but this is not secure, and intimidating for some people. It also fails #2 above, and possibly #3 and #4.

Dave
www.HHHCVolunteers.org