why? the 2 are almost entirely unrelated.

you could be in 100% hipaa compliance and still lose your already encrypted, secured data to nancy the jr sysadmin who opened the wrong email.