(a)  The agency shall provide a secure place or places with controlled access for the storage of records.  Only individuals who must access client information in order to carry out duties assigned or approved by the agency shall be authorized access to the storage area or areas.

(b)  Only authorized individuals may remove a record from the storage area or areas and the authorizing individual shall be responsible for the security of the record until it is returned to the storage area or areas.

(c)  The agency shall establish procedures to prevent accidental disclosure of client information from automated data processing systems.

(d)  The director shall assure that all authorized individuals are informed of the confidential nature of client information and shall disseminate written policy to and provide training for all persons with access to client information.


History Note:        Authority G.S. 108A-54; 108A-80; 42 C.F.R. 431.306;

Eff. September 1, 1984;

Amended Eff. August 1, 1990;

Transferred from 10A NCAC 21A .0405 Eff. May 1, 2012;

Pursuant to G.S. 150B-21.3A, rule is necessary without substantive public interest Eff. July 23, 2016.