You'll need a way to tie the remote networks into your network before using VLANS. You can use a VPN on each end and set the endpoint to the EMR server if you're just wanting access to it. If you set the VPN scope to include your entire network, then you could create VLAN's and isolate traffic that way. But I've been down that road, and it can be a lot of overhead to manage. I went to metro fiber to all our clinics, 12 in all. Each has a 1gb fiber connected back to the hospital. Now each clinic is part of the hospitals network, same subnet. I use VLAN's across it to separate normal network. VLAN20(email, internet, EMR), VLAN15(VOIP), VLAN10(Public Internet) etc.