For a new health care web application, one of the requirements is for the application to be HIPAA compliant by protecting patient privacy. As a developer, which of the following technical specifications would you NOT need to include when planning your application?

a$.$ A strong enough password policy that includes letters, numbers and special characters and is at least $16$ characters long

B$.$ Ensure that your website is secured with an SSL certificate

C$.$ Encrypt data in the database

D$.$ Automated logout from the session after a certain number of minutes with no activity by the specific user