HIPAA and HITECH require all individually identifiable protected health information (PHI) be secured. The unfortunate reality for IT professionals is that these acts of Congress aren’t prescriptive when it comes to what needs to be done about computer systems. In most cases, they don’t specify how to secure PHI; they just insist you get it done—or else. Huge fines and jail time for failure to comply are not out of the question. And, of course, your company’s reputation is on the line. So, you want to be certain that databases containing sensitive information are fully protected.