I work for a company that is bound by HIPPA and PCI as well as several industry specific regulations and I'm not sure there is a one size fits all set of regulations that would be possible without becoming burdensome. From a strictly data based view yes data is data and must be secure but HIPPA requires many more regulations that PCI does and I'd hate to see all the HIPPA rules imposed on PCI audits.