Cyber Security Policy for your LTPAC Facility: the Administrative Safeguard Components (Part 3 of 5)

Administrative Safeguards


As discussed in the previous blogs, a cyber security policy is crucial for any facility operating within the LTPAC industry.  While physical security components are the first line of defense against physical cyber intrusions, a second crucial layer is to develop a comprehensive plan addressing administrative safeguards.


Administrative Safeguards

Administrative safeguards, as defined by HIPAA, are administrative actions, and policies and procedures, to manage the selection, development, implementation, and maintenance of security measures to protect electronic protected health information and to manage the conduct of the covered entity’s or business associate’s workforce in relation to the protection of that information.


Administrative safeguards involve addressing and preventing the risk of unauthorized access by unauthorized users. This means that your policy must clearly spell out how you will ensure that only authorized users have access to your records, databases, and confidential communications.


Administering Access Controls and Authenticating User Identification

In accordance with HIPAA regulations, only authorized users should have access to the aforementioned information. For this reason, your policy must include administrative safeguards.


Administrative safeguards include, but are not limited to, such measures as:


For further information regarding specific HIPAA standards for administrative security standards and the security management process, click here. As always, you may have to add additional administrative safeguards to your cyber security plan based on any specialized equipment in your facility such as tablets, handheld devices, and any electronic medical equipment.


The next two blogs will discuss the next element of a comprehensive cyber security policy, developing and implementing technical safeguards, as well as outline how to develop a contingency plan in the event of a cyber breach or attack. Additionally, the blogs will provide resources for LTPAC managers and professionals.


Next blogs: