You can define a tag where the criteria is based on the user account and set the tag to be evaluated on ever ASCI. Furthermore you can define a policy assignment rule to apply policies based on a tag (Menu | Policy | Policy Assignment Rules); however, their is a flaw in this which is it could take up to two hours for the client to actually enforce the new policy when the user logs on.

So when a new user logs in you have no idea where they are on the ASCI cycle which defaults to once an hour. If the agent just completed an ASCI right before the user logged in then it could take up to one hour for a new ASCI which would communicate the currently logged on user account to ePO. Then the tag criteria would run; however, because the tag was not applied when the property set was sent up to ePO (because the property that instructed ePO to apply the tag was just sent up) the client would not actually get the policy based on the tag until the next ASCI after that which means the policy you wish to set could take up to two hours after the user logs on until it gets applied. This may be fine if the logged on user is relatively stable but the other side of this is that if a different user logs on to that same machine it could then take up to two hours before THAT user gets the new policies.

The real solution here is user based policies; however, currently only Site Advisor Enterprise utilizes that feature in ePO. I would encourage you to submit a PER to have other point products (for you it sounds like HIPS) include this functionality on their next release.