We here sometimes need to comply with HIPAA:
http://www.hhs.gov/ocr/privacy/
Unfortunately, the current FreePBX use of recordings or unencrypted RTP (amongst other things) is not stringently compliant (the fines are quite onerous for non-compliance). Financial transactions are also a cause for concern; merely having DTMF logging in a log file could get you in hot water. Just a heads up for those who take a dentist or something like that as a client.