In most cases where regulations mandate encryption at rest it generally would apply to the system as a whole due to the fact that the regulated data will frequently be copied into logs, swap space, and other areas of the system. Likewise it would be accessed by other applications on the system for things like file integrity monitoring, backup, anti-virus scanning, etc...
For these reasons just encrypting the USER directory would not normally be acceptable. Likewise there are additional security risks to not doing full disk-encryption in the event the system (or it's backup) are compromised.