Administrative actions, and policies and procedures, to manage the selection, development, implementation, and maintenance of security measures to protect electronic protected health information and to manage the conduct of the covered entity’s or business associate’s workforce in relation to the protection of that information.
Sources:
NIST SP 800-66r2
under administrative safeguards
from
HIPAA Security Rule - §164.304