Each agency must:
(1) Maintain a comprehensive clinical record system that includes policies and procedures that protect an individual's personal health information;
(2) Ensure that the individual's personal health information is shared or released only in compliance with applicable state and federal law;
(3) If maintaining electronic individual clinical records:
(a) Provide secure, limited access through means that prevent modification or deletion after initial preparation;
(b) Provide for a backup of records in the event of equipment, media, or human error;
(c) Provide for protection from unauthorized access, including network and internet access;
(d) Provide that each entry made in an individual's clinical records clearly identifies the author and who approved the entry, if applicable; and
(e) Prohibit agency employees from using another employee's credentials to access, author, modify, or delete an entry from an individual's clinical record;
(4) Retain an individual's clinical record, including an electronic record, for a minimum of six years after the most recent discharge or transfer of any individual;
(5) Retain a youth's or child's individual clinical record, including an electronic record, for at least six years after the most recent discharge, or until the youth's or child's twenty-first birthday, whichever is longer; and
(6) Ensure secure storage of active or closed confidential records.
[Statutory Authority: RCW
71.24.037,
71.05.560,
71.34.380,
18.205.160,
71.24.037 and chapters
71.05, 71.24, and
71.34 RCW. WSR 21-12-042, § 246-341-0425, filed 5/25/21, effective 7/1/21. Statutory Authority: 2018 c 201 and 2018 c 291. WSR 19-09-062, § 246-341-0425, filed 4/16/19, effective 5/17/19.]