Administrative safeguards include the policies and procedures that your facility uses to manage and protect electronic protected health information (ePHI). Although there are probably many such policies and procedures at your institution, a few examples might include:
Active review and audits of IS activity
Employee confidentiality agreements
Employee security clearance policies and procedures
Employee disciplinary policies
Data backup and disaster recovery plans
A covered entity or business associate is required to conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI held by the covered entity or business associate.
The HIPAA Security Rule also requires that sanctions be applied against workforce members who fail to comply with the security policies and procedures of the covered entity or business associate.