1. Increase administrative control: this step can be achieved by updating the security policies and procedures; training employees in privacy and security; and keep updated background checks on employees that have access to patient information.
2. Access monitoring: access can be to the area where patient records are, and to the computer systems. This can be done by: Restrict unauthorized individuals to access the areas; create