Even if your system does not need HIPAA compliance we recommend using the same, or similar, security measures.
Why would I want to do do this? Basically confidential Patient data should be secured on any system. And HIPAA is just a longwinded way of explaining how to secure patient data. Therefore our HIPAA compliance recommendations for Iguana are simply measures designed to protect patient data, and are valid whether or not you are seeking HIPAA compliance.
How do I do this? Just use the HIPAA documentation, and ignore the HIPAA background material. Start with the Set up Iguana for HIPAA Compliance page and jump straight to the Instructions section. You can also look at the Iguana HIPAA Best Practices section as it explains the reasoning for the security measures in more detail (you can ignore the HIPAA quotes and links).
You may also want to look at some of the supporting documents in the HIPAA Compliance section, like Iguana File Access permissions for HIPAA compliance and Auditing with Iguana for HIPAA Compliance.