I need a secure, web-based application that runs on a Windows environment and keeps full membership records for my practice while respecting HIPAA rules from the ground up. The core data set must capture personal details, current membership status, and a complete activity log for every member.

Beyond storage, the system has to trigger and process automatic monthly withdrawals (ACH or card) and give me clear, exportable reports on payments, member counts, and usage trends. All data in transit and at rest must follow HIPAA encryption and access-control standards, with audit trails I can show during an inspection.

Primary deliverables
• Production-ready web app installed on my Windows server (IIS, .NET, or another framework you recommend)
• Database schema and migration scripts
• Role-based access control with audit logging
• Recurring billing engine integrated with a mainstream payment gateway
• Customisable reporting dashboard with CSV/PDF export
• Deployment guide and brief HIPAA compliance summary

I am happy to review your proposed tech stack as long as it meets the Windows hosting requirement and gives us a clean GUI in the browser. Let me know your approach and relevant experience with medical or other regulated data.