SecurityMetrics Blog: Some entities are required to comply with both HIPAA and the PCI DSS, namely covered entities and business associates that accept credit, debit, or other payment cards. Many believe that if they are compliant with one, they are covered for the other. Those people are mistaken.