Dude you know what happens when you assume Nowhere did I see the OP state anything about what interface this application was. He was clearly asked for details, and as quite common complete lack of any useful info missing in the response.
Pretty sure its not on purpose - just quite often people get tasked in the business world with IT stuff they are not familiar with - hey billy your good with computers right, your the one that gets my mouse working when it fails. Could you make sure people can access this from the internet please
This is self evident because of the create of the thread asking the question in the first place If they had the proper skill set to do what was ask, they normally wouldn't be asking for help on a forum with no details of what actual was asked.
I am curious where this IP came from - did they actually give him a public one? Or did they give him the IP of this 2k12 box and ask him to make it public.
There is no where close to details required to actually help the OP given as of yet. We can discuss and debate security practices vpn or not, etc but there is no details to base the discussion on. If its a web application, and the proper device is at the edge to allow for locking down to specific IP as source, and you have say cert auth to a https site - that may be good enough for hipaa?? Not up on the laws since really haven't work in that area for years. This would be maybe even overkill depending on what the data is, etc.
But then again if only being accessed from a company other site - I would have to ask why does this company not already have either point to point, mpls, or just site to site vpn setup? Something that allows the company to talk between their locations without the whole public internet being able to see view the traffic.
What I think we have here is an OP that is way over his head, and asking for help - lets make sure we give him advice that is not going to get him fired when something happens to the server because its not secure enough for the data being presented in some sort of interface, etc.