• Secure Entry: Electronic data entry is conducted through encrypted systems. Where paper forms are used, they are kept in locked storage until digitized.
Verification: During audits, compliance officers verify that consent forms are completed and that data collection processes adhere strictly to approved procedures.
2. Storage of Information
Purpose: Maintaining the security and integrity of PHI from the moment it is collected is paramount. Records must be stored in a manner that prevents unauthorized access, tampering, loss, or destruction.
Procedures:
• Electronic Storage: All digital records are stored in a centralized, encrypted electronic records system. Access is controlled through individual login credentials and multi-factor authentication.
• Physical Storage: Paper records are stored in locked, fire-resistant filing cabinets located in secure areas with controlled access. When not in use, documents are stored in designated secure rooms.
• Backup Procedures: Regular backups of all electronic records are performed daily, with backups stored on secure off-site servers. The IT department conducts regular restoration tests to ensure data integrity.
• Data Retention: Specific retention schedules are maintained per regulatory guidelines for each category of information. For example, client records are retained for at least seven years after the termination of services.
Verification: Quality Assurance staff perform monthly audits of both electronic and paper storage systems to verify adherence to security protocols and proper retention practices.
3. Access and Use of Information
Purpose: Access to client PHI is strictly limited to authorized personnel who require the information to perform their job duties. This prevents unauthorized use, disclosure, or misuse of sensitive information.
Procedures:
• Role-Based Access Controls: Access to the electronic records system is provided based on job roles. Each
Waiver Consulting Group © 2025 | 352