Administrative safeguards include the policies and procedures your facility uses to manage and protect electronic protected health information (ePHI). Although there are probably many such policies and procedures at your institution, a few examples might include:
- Active review and audits of Information System (IS) activity
- Employee confidentiality agreements
- Employee security clearance policies and procedures
- Employee disciplinary policies
- Data backup and disaster recovery plans
- Risk and vulnerability assessments
The HIPAA Security Rule also requires that sanctions be applied against workforce members who fail to comply with the security policies and procedures of the covered entity or business associate.