Thanks all for the input, sorry for late response as I was traveling. A few more notes/answers:
1. HIPAA/compliance officer. HIPAA - they are aware, but with 5 people, not sure if they have an official "compliance officer" or maybe they do and I just don't know.
2. setup - they are currently sitting behind a cable modem that does not have VPN capability built in (Century Link is the provider - small town cable co.) and they have the OPTION ($10/month) for a static IP.
3. The "server" is located in the office and is always on (server-class HW - Opteron 16-core, 16GB RAM, but running Win7 Pro x64 due to cost of Win Server.). There are 3 other workstations and a laptop that are in the office and connect to the server application (workstations over wired 10M Ethernet and laptop over secure wifi (no client access).
4. application - part of this investigation is determining what VPN solutions are good options and if the application can run over a VPN connection (still waiting for an answer).
5. Hamachi fails to work NOT with the application, but with remaining connected. We are running the free version for 5 users with the client installed on my machine and two laptops that go home with users. we cannot keep the Hamachi client on the "server" connected 24x7. It typically drops connectivity such that no one can ever connect to it. I've run all the diagnostics, opened additional ports, set the timeout to "never," etc. When it is connected it works just great for our testing thus far, which is limited to single RDP sessions to the "server" box (again, running Win7, so only one simultaneous connection allowed). This does not scale.
a. if we could get Hamachi to reliably stay connected 24x7, we could proceed with checking to see if the application will work, etc.
6. Teamviewer - will check it out. Although at first glance, might be too expensive for this guy. Thanks for the suggestion.
7. Commerical HW - I am investigating this route also. I actually work for one of those companies :) Cost is the issue along with ongoing subscriptions/licenses (where applicable).
8. roll-my-own (pfsense, etc) - trying to find something that can be installed, configured, and left alone as I don't have time to be an IT manager and troubleshoot VPN issues :)
Thanks again!