Administrative Requirements.
A covered entity is required to comply with the administrative requirements of §164.530(b), (d), (e), (g), (h), (i), and (j) with respect to 45 CFR Part 164, Subpart D (“the Breach Notification Rule”).

[Training, complaints to the covered entity, sanctions, refraining from intimidating or retaliatory acts, waiver of rights, policies and procedures, and documentation]

Audit Inquiry

Administrative Requirements: Has the covered entity adequately implemented the required 164.530 provisions as they relate to the Breach Notification Rule? Inquire of management.