(a)  The agency shall provide a secure place with controlled access for the storage of client records or reports, or both, which contain client specific information.

(b)  Only employees, students, volunteers or other individuals who must access client information in order to carry out duties assigned or approved by the agency shall be authorized to have access to such information.

(c)  Only authorized individuals may remove a record or report, or both, from the storage area and that individual shall be responsible for the security of the record until it is returned to the storage area.

(d)  The agency shall be allowed to destroy records in accordance with Record Retention Schedules promulgated by the Division of Archives and History, and state and federal statutes and regulations.

(e)  Area Agencies on Aging and service providers shall establish written procedures to prevent accidental disclosure of client information from automated data processing systems.


History Note:        Authority G.S. 143B‑181.1(c); 143B‑181.10;

Eff. December 1, 1991;

Pursuant to G.S. 150B-21.3A, rule is necessary without substantive public interest Eff. May 23, 2015.