Appendix C: HIPAA Security Rule
Administrative Safeguards
164.308(a)(1)(i)
Security Management Process: Implement policies and procedures to
prevent, detect, contain, and correct security violations.
164.308(a)(1)(ii)(A)
Risk Analysis (R): Conduct an accurate and thorough assessment of
the potential risks and vulnerabilities to the confidentiality, integrity,
and availability of electronic protected health information held by the
covered entity.
164.308(a)(1)(ii)(B)
Risk Management (R): Implement security measures sufficient to
reduce risks and vulnerabilities to a reasonable and appropriate level
to comply with Section 164.306(a).
164.308(a)(1)(ii)(C)
Sanction Policy (R): Apply appropriate sanctions against workforce
members who fail to compl ...