I'm surprised at the lack of responses to this inquiry. Validation is a huge subject matter area. Assuming you're starting from scratch, I suggest a regulatory compliance-based approach. Work with your regulatory affairs or clinical quality assurance functions to interpret and implement the 21 CFR Part 11 general requirements for electronic records (Section 11.10). Pay attention to access control, change control, standard directory structures, documented procedures for performing regulated tasks, and training.
The security and validation issues are the same for any operating environment. Specific solutions will naturally vary.
Mike Harris