We use a Netopia firewall for protection from WAN traffic. We would like to add a wireless access point so one user in a new office across the street (100 ft.) can have LAN access. In this case there is also a Unix server on the LAN that contains patient sensitive information, so we MUST keep the LAN secure. I must provide access and keep the LAN tightly secure due to HIPAA regulations about patient data.
Can you point me in the right direction for adding a wireless access point and whatever else I need to provide foolproof security (VPN, Firewall, etc?)
You didn't say which Netopia firewall you are using, but I'm going to guess the Netopia R910 broadband router. This router supports both PPTP and IPsec VPN tunnels. Netopia will configure your router to handle incoming VPN tunnels - for a price. Or you can try to configure your own router, with the help of Netopia's fairly-detailed VPN Tech Notes. On the client side, start with the Microsoft Windows PPTP client (part of dial-up networking in all Windows operating systems) and then upgrade to the much stronger IPsec once you have PPTP working. Instructions for doing this can be found in Netopia's Tech Notes.
The VPN tunnel gives you robust authentication and encryption for all traffic between the client across the street and your office LAN. The next step is to get traffic flowing across the air. I suggest placing a wireless access point (AP) on the outside Ethernet that connects your Netopia firewall to your Internet access router. This makes sure that outsiders cannot get into your office LAN, whether from the Internet or over wireless, without successfully passing VPN authentication.
Since you are only connecting one wireless station, that station is just 100 feet away, and you'll be using VPN for security, an entry-level AP will probably do the trick. You still want basic security measures in your AP - like a MAC access control list - to stop war drivers from freeloading on your Internet uplink. You don't really need a wireless router/firewall because your Netopia already provides that function, so just look for a simple AP - for example, the D-Link DWL-2000AP, LinkSys WAP54G, or NetGear WG602. I've given examples that support the draft 802.11g standard, but you could probably use older 802.11b products instead (particularly with just one client.)
I've recommended using a VPN tunnel for security because you expressed a need for strong security, you only have one station in a fixed location, and your existing firewall can support VPN tunneling. If you had to deal with a large number of roaming stations, I might suggest other alternatives.