LAW
Writer®
Ohio Laws and Rules
(A) Each agency shall have policies and procedures addressing the security of its clinical records system.
(B) Policies and/or procedures for agencies maintaining a computer-based clinical records system shall include consideration of the following components:
(1) Authentication – providing assurance regarding the identity of a user and corroboration that the source of data is as claimed;
(2) Authorization – the granting of rights to allow each user to access only the functions, information, and privileges required by his/her duties;
(3) Integrity – ensuring that information is changed only in a specific and authorized manner. Data, program, system and network integrity are all relevant to consideration of computer and system security;
(4) Audit trails – creating immediately and concurrently with user actions a chronological record of activities occurring in the system;
(5) Disaster recovery – the process for restoring any loss of data in the event of fire, vandalism, disaster, or system failure;
(6) Data storage and transmission – physically locating, maintaining and exchanging data; and
(7) Electronic signatures – a code consisting of a combination of letters, numbers, characters, or symbols that is adopted or executed by an individual as that individual’s electronic signature; a computer-generated signature code created for an individual; or an electronic image of an individual’s handwritten signature created by using a pen computer. Client record systems utilizing electronic signatures shall comply with section 3701.75 of the Revised Code.
R.C. 119.032 review dates: 11/29/2010 and 11/29/2015
Promulgated Under: 119.03
Statutory Authority: 5119.61(A), 5119.611(C)
Rule Amplifies: 5119.61(A), 5119.611(C)
Prior Effective Dates: 9/4/03