Are there frameworks for achieving HIPAA compliance in IT