HIPAA Privacy - Administrative 164.414(a)


Overview:
§164.414(a)
Administrative Requirements
A covered entity is required to comply with the administrative requirements of §164.530(b), (d), (e), (g), (h), (i), and (j) with respect to 45 CFR Part 164, Subpart D ("the Breach Notification Rule").
[Training, complaints to the covered entity, sanctions, refraining from intimidating or retaliatory acts, waiver of rights, policies and procedures, and documentation]


Action Items:
1) Administrative Requirements: Has the covered entity adequately implemented the required 164.530 provisions as they relate to the Breach Notification Rule? Inquire of management.


Related Documents:
1) Documented implemented provisions as they relate to the Breach Notification Rule
2) Written policies and procedures regarding breach notification
3) Documentation validating employee training on these procedures
4) Documented sanctions against workforce members who do not comply with these policies and procedures


Additional Guidance:
Covered entities are also required to comply with certain administrative requirements with respect to breach notification. For example, covered entities must have in place written policies and procedures regarding breach notification, must train employees on these policies and procedures, and must develop and apply appropriate sanctions against workforce members who do not comply with these policies and procedures.



Article ID: 597
Created: September 29, 2022
Last Updated: September 29, 2022
Author: Matthew Burdick

Online URL: http://www.compliancewiki.org/article/hipaa-privacy-administrative-164-414-a-597.html