1.7.2 Confidentiality of Consumer Records


Contract service providers must maintain

  • the confidentiality of all consumer-related records and information in full compliance with
    • state and federal regulations, and
    • sound professional practices; and
  • policy that ensures that these confidentiality requirements are met.

At all times, contract service providers must ensure that (a) consumer information is used only for fulfilling contractual responsibilities, and (b) consumer information is not released to any other person, agency, or organization.

Contract service providers must develop and maintain a confidentiality policy statement and must establish procedures that restrict access to confidential consumer-related records and information. This provision must not be construed to limit the right of DBS staff members or other authorized representatives to access consumer case records or other information relating to DBS consumers who receive products or services purchased under the contractual agreement.

Contract service providers must take appropriate action to provide physical safeguards for confidential records and ensure that confidential records are available only to authorized staff members. Consumer case records must be stamped or marked CONFIDENTIAL on the front and back and must be stored under lock and key in a location with maximum protection against fire, water damage, and other hazards.

Contract service providers must ensure that all consumer records are properly shredded at the end of the required retention period (see Records Retention below) and before disposal.