Which of the following actions is generally NOT required by administrative measures under HIPAA?

The action of removing all physical barriers to access is generally not a requirement under the administrative measures defined by HIPAA. Administrative measures focus on the policies and procedures that govern the operations and workforce handling protected health information (PHI). This includes the establishment of a security workforce, providing training on HIPAA compliance, and regularly conducting risk analyses to identify and mitigate potential vulnerabilities to PHI.

While physical security measures, such as controlling access to facilities, are important components of HIPAA compliance, they fall more under the category of physical safeguards rather than administrative measures. Therefore, the requirement to remove all physical barriers to access does not align with the primary focus of administrative safeguards, which center on the management and governance of information security practices rather than the physical environment itself.