HIPAA and HITECH require all individually identifiable protected health information (PHI) be secured. The unfortunate reality for IT professionals is that these acts of Congress arenít prescriptive when it comes to what needs to be done about computer systems. In most cases, they donít specify how to secure PHI; they just insist you get it doneóor else. Huge fines and jail time for failure to comply are not out of the question. And, of course, your companyís reputation is on the line. So, you want to be certain that databases containing sensitive information are fully protected.