Organizational Requirements (164.314)

Section 164.314 of the HIPAA Security Rule sets out the organizational requirements that covered entities and business associates must implement, including documented policies, procedures and oversight responsibilities to protect electronic protected health information. It also mandates workforce training, security incident response planning and periodic review of compliance measures to ensure ongoing risk management.