HIPAA compliance documents do not tell you exactly what to do in your network. Instead they are a framework to fulfill, here is a link to the HHS information in case you are interested: http://www.hhs.gov/ocr/privacy/hipaa/understanding/srsummary.html… HIPAA Compliance Equals Basic Security