If you are an organization that manages Personal Health Information (PHI), you are considered a Covered Entity. If you are an organization that provides services to a Covered Entity, you are considered a Business Associate.
Both Covered Entities and Business Associates have a number of Required and Addressable areas of compliance.
A Required specification must be implemented.
An Addressable specification gives the Covered Entity or Business Associate some degree of flexibility in meeting the requirement. For example, you can choose to implement the specification as written, or you can implement an alternative yet equivalent solution. Whatever your choice, it must be documented. You are not in compliance if you do something "by accident"!
To learn more about the difference between Required and Addressable, see the HHS website.