Organizations covered under HIPAA have three choices: implement the specification as it appears in the Rule, implement an alternative that is equivalent to the specification, or document why the specification is not applicable and therefore is not implemented. Data encryption and strong authentication are key components of the defense-in-depth principle. HBSS’s applications use Transparent Data Encryption (TDE) to address Health Insurance Portability and Accountability Act (HIPAA) requirements.