HIPAA refers to laws that apply to covered entities and business associates regarding the privacy, security, and accessibility of electronic protected health information (ePHI). Covered entities and business associates use this information to provide services to the public such as medical care, and the filing and billing of medical claims. Covered entities include doctor’s offices, hospitals, healthcare providers, health plans, and healthcare clearing houses.

Business associates are defined as “A person or an entity that creates, receives, maintains, or transmits PHI for a regulated healthcare function.”

According to the Office for Civil Rights, the Security Rule defines administrative safeguards as, “administrative actions, and policies and procedures, to manage the selection, development, implementation, and maintenance of security measures to protect electronic protected health information (ePHI) and to manage the conduct of the covered entity’s workforce in the relation to the protection of that information.”

Examples of administrative controls can be things like employee training, security awareness, written policies and procedures, incident response plans, business associate agreements, and background checks.