The Privacy Rule includes these administrative requirements:
- Every covered entity must designate a Privacy Official (Officer). You should know who your privacy official is and how to contact him/her.
- All staff must participate in HIPAA training.
- Safeguards must be in place to protect PHI.
- There must be a process to handle complaints from individuals about the way their PHI is handled.
- There must be a procedure to discipline employees who do not comply with privacy policies.