Ok, I’ve been Googling around, and I understand that the basics of HIPAA (Health Insurance Portability and Accountability Act) from a computer security perspective is to keep all patient information on a need to know basis. But when I look around for real tech guidelines all I get is loose “policy” information, nothing like “You must use at least 104 bit WEP on WAPS” or anything technical. My question is, what does HIPAA really mean from a security tech’s perspective? How do you know your “compliant”?