Sorry for a late response.
Yes - using Permissions you can tweak to do this. You have to define clear rules as who can have access to what records.
If - on the other hand you are looking at multi tenant setup to run multiple instances of separate tenants / organizations from the same codebase (single epesi installation) - then yes - this also can be done.
Check our epesi trial - this is a multi-tenant setup: http://epe.si/hosting/
