Records Retention and Access Requirements · Web viewRecords Retention and Access Requirements...

PARTNERSHIP HEALTHPLAN OF CALIFORNIA

POLICY / PROCEDURE

Policy/Procedure Number: CMP-30 Lead Department: Administration

Policy/Procedure Title: Records Retention and Access Requirements External Policy Internal Policy

Original Date: 09/04/2012 Next Review Date: 08/23/2019Last Review Date: 08/23/2018

Applies to: Medi-Cal Healthy Kids Employees

Reviewing Entities:

IQI P & T QUAC OPERATIONS EXECUTIVE COMPLIANCE DEPARTMENT

Approving Entities:

BOARD COMPLIANCE FINANCE PAC

CEO COO CREDENTIALING DEPT. DIRECTOR/OFFICER

Approval Signature: Liz Gibboney, CEO Approval Date: 08/23/2018

I. RELATED POLICIES: A. CMP-18 Reporting Privacy IssuesB. CMP-37 Requirements for Offsite Storage and Records DestructionC. FIN-900-100-Record Storage

II. IMPACTED DEPTS.: All.

III. DEFINITIONS: A. Authorized designee: an individual given the power to act as a substitute for and make

decisions on behalf of another individual B. Delegate : An external entity that Partnership HealthPlan of California (PHC) has given the authority to

perform an activity/activities that PHC would otherwise perform as defined by the National Committee for Quality Assurance (NCQA) standards.

C. Records and documents: include, but are not limited to, physical books or records originated or prepared pursuant to performance under the contract with the Department of Health Care Services (DHCS). This includes working papers, reports submitted to DHCS, financial records, all medical records, medical records and prescription files, and other documentation pertaining to medical and non-medical services rendered to members, regardless of the manner in which the record has been stored.

D. Subcontractor : A person or entity who enters into a subcontract with PHC. Assessing whether an entity is a Subcontractor depends on the relationship between the entities and the services being performed, not on the type of persons or companies involved. A person or entity is deemed a subcontractor if: 1) they are either a provider of health care services that agreed to furnish Covered Services to PHC Members, or 2) has agreed to perform any administrative function or service for PHC specifically related to fulfilling PHC’s obligations to DHCS under the terms of the DHCS/Medi-Cal contract.

IV. ATTACHMENTS:

N/A

V. PURPOSE: This policy establishes requirements of Partnership Health Plan of California (PHC), a managed care organization (MCO) and its subcontractors, delegates, and/or providers for retaining and making available premises, contracts, books, documents, records, financial statements, equipment, computers, or other electronic systems, in accordance with contractual obligations and/or federal and state regulations for the purpose of any audit or investigation, of any PHC program. Such records shall be retained pursuant to

of 16

Policy/Procedure Number: CMP-30 Lead Department: AdministrationPolicy/Procedure Title: Records Retention and Access Requirements

☒External Policy☒Internal Policy


Applies to: ☒ Medi-Cal ☐ Healthy Kids ☐ Employees

requirements described under this policy.

VI. POLICY / PROCEDURE: Policy.A. Administration of Record Retention

1. The Chief Executive Officer (CEO) or their authorized designee, the Compliance Officer, and the Chief Information Officer are responsible for the administration of record retention processes and procedures governing related activities.

B. Record Retention Timeframes 1. PHC and its subcontractors, delegates, and/or providers shall maintain records and documents in

accordance with the provisions of this policy and those requirements set forth under applicable regulation as follows:

a. A minimum of ten (10) years from the final date of the contract period, from the date of completion of any audit, or from the date the service was rendered, whichever is later for records originated or prepared pursuant to DHCS contractual obligations ;

b. A minimum of ten (10) years from the final date of the contract period, from the date of completion of any audit, or from the date the service was rendered, whichever is later for records for adult members over the age of twenty-one (21),; and

c. For the period from birth, or the age a minor member became eligible with PHC, to the age of twenty-one (21) or ten (10) years from the final date of the contract period, from the date of completion of any audit, or from the date the service was rendered, whichever is longer for records for members under the age of twenty-one (21).

2. Pursuant to DHCS contract 08-85215, Exhibit G, Attachment A, Provision I (A)(C)(D), PHC and its subcontractors and/or delegates shall maintain personnel records for a minimum of six (6) years following termination. Records shall include:

a. Annual information security, privacy, and fraud, waste and abuse training;b. Records of validation checks for employee exclusion from the Office of Inspector General

(OIG) System for Award Management (SAM) and List of Excluded Individuals/Entities (LEIE) databases;

c. Confidentiality statements and/or code of conduct attestations; andd. Background check documentation.

C. Record Retention Requirements: 1. PHC and its subcontractors, delegates, and/or providers shall retain and make available contracts,

books, documents, records, and financial statements, regardless of mechanism in which the materials were produced or retained, in accordance with the provisions of this policy and those requirements set forth under applicable regulation. This includes, but is not limited to:a. Member Grievance and Appeal records as required under Title 42 of the Code of Federal

Regulations (CFR) Section 438.416, including: i. A general description of the reason for the appeal or grievance.

ii. The date received.iii. The date of each review or, if applicable, review meeting.iv. Resolution at each level of the appeal or grievance, if applicable.v. Date of resolution at each level, if applicable.

vi. Name of the covered person for whom the appeal or grievance was filed.b. Base Data defined by 42 CFR 438.5 (c), including:

i. Validated encounter data ii. Fee-for-service data as applicable

of 16





iii. Audited financial reports c. Medical Loss Ratio (MLR) reports as required under 42 CFR 438.8(k), including the following

information for each MLR reporting year : i. Total incurred claims.

ii. Expenditures on quality improving activities.iii. Expenditures related to activities compliant with § 438.608(a)(1) through (5), (7), (8)

and (b).iv. Non-claims costs.v. Premium revenue.

vi. Taxes, licensing and regulatory fees.vii. Methodology (ies) for allocation of expenditures.

viii. Any credibility adjustment applied.ix. The calculated MLR.x. Any remittance owed to the State, if applicable.

xi. A comparison of the information reported in this paragraph with the audited financial report required under § 438.3(m).

xii. A description of the aggregation method used under paragraph (i) of this section.xiii. The number of member months.

d. Data, information, and documentation as required under 42 CFR 438.604, 606, 608, 610, including:

i. Encounter data in the form and manner described in § 438.818.ii. Data on the basis of which the State certifies the actuarial soundness of capitation rates

to MCO under § 438.4, including base data described in § 438.5(c) that is generated by the MCO

iii. Data on the basis of which the State determines the compliance of the MCO with the medical loss ratio requirement described in § 438.8.

iv. Data on the basis of which the State determines that the MCO has made adequate provision against the risk of insolvency as required under § 438.116.

v. Documentation described in § 438.207(b) on which the State bases its certification that the MCO has complied with the State's requirements for availability and accessibility of services, including the adequacy of the provider network, as set forth in § 438.206.

vi. Information on ownership and control described in § 455.104 of this chapter from MCOs, entities, and subcontractors as governed by § 438.230.

vii. The annual report of overpayment recoveries as required in § 438.608(d)(3).viii. Attestation for certification of data submitted pursuant to 42 CFR 438.604

ix. Administrative and management arrangements or procedures to detect and fervent fraud, waste, and abuse

x. Provider screening and enrollment policies, procedures, and activities xi. Disclosures of prohibited affiliations as described under 42 CFR 438.610

xii. Disclosures of ownership and control as described under 42 CFR 455.104xiii. Documentation of and policies and procedures governing treatment of recoveries of

overpayments to providers e. Medical Records and Records or Services Rendered pursuant to Welfare and Institutions (W&I)

Code § 14124.1;f. Disclosures of member Protected Health Information (PHI) as described under 45 CFR 164.528;g. Disclosures of member PHI related to substance use disorder (SUD) services pursuant to 42

CFR §2.13(d) and § 2.31(a)(4)(iii)(B)(3);h. Disclosures of member PHI related to mental and behavioral health services pursuant to WIC §

5328.6;

of 16





i. As applicable, documentation of member preference in sharing PHI through Health Information Exchanges which PHC facilitates or is a party to;

j. Documentation of subcontractor/delegate monitoring and auditing activities;k. Documentation of governing body and it’s sub-committee(s) meetings: regular, special, and ad

hoc; l. Subcontractor, delegate, support vendor, and provider agreements; m. Documentation pertaining to medical and non-medical services rendered to members; andn. As applicable, documentation of authorized representation or other legal authority as described

under Health and Safety Code 123105(e) for any individual to act on behalf of a PHC member 2. All records required to be retained due to pending or threatened litigation or investigation shall be

retained as long as the litigation or investigation is active, plus any additional retention period as required pursuant to this policy or applicable regulation.

3. The requirement for retaining records applies to originating and receiving departments. Where multiple departments are responsible for action related to a single record, those departments should agree and document which department will be responsible for retention of the shared documentation.

4. Where records are not created by PHC, but used in actions taken by PHC (e.g. medical records for a potential quality issue review), those records should be maintained in accordance with this policy.

D. Standards for Offsite Storage of Records Originated or Received by PHC1. Offsite storage shall be managed pursuant to PHC policy and procedure CMP-37 PHC Requirements

for Offsite Storage and Records Destruction.

E. Standards for Electronic Records 1. All electronic records, including, but not limited to, email sent or received by PHC employees,

temporary employees, volunteers, interns, Board Members and PHC subcontractors and delegates in direct relation to operations as described under this policy, are considered record and must be retained according to this policy. In creating records through email, originating parties shall: a. Retain messages for the required retention period, including, but not limited to, names of the

sender, recipient, date/time of the message and any attachments must be retained with the message;

b. Comply with legal hold requirements of this policy for the retention of emails and fully cooperate with PHC management in responding to legal and PHC requests for email documentation which may be relevant to a claim, litigation or investigation; and

c. Refrain from use of third party email providers for PHC business, such as home/personal email accounts or web based email providers (e.g. Yahoo, Gmail). Sending PHI to a personal email account is considered a reportable privacy issue, and must be handled in accordance with PHC policy and procedure CMP-18 Reporting Privacy Incidents.

F. Subcontractor, Delegate, and Provider Agreements1. Subcontractor, delegate, and support vendor agreements shall include language that requires the

entity/individual to comply with record retention provisions of this policy and/or applicable federal and state regulations or have terms and conditions that are equal to or exceed those required under this policy. Departments that enter into agreements with subcontractors, delegates, support vendors, or providers are responsible for monitoring compliance with this policy.

G. Inspection Rights 1. Through the end of the minimum records retention period, PHC and its subcontractors,

delegates, and/or providers, shall provide an authorized agency or its designee, with the required access to premises, contracts, books, documents, records, financial statements, equipment,

of 16





computers, or other electronic systems at any time during normal business hours for audit and other investigative activities. Authorized entities shall include, but not be limited to: a. Centers for Medicare and Medicaid Services (CMS)b. Comptroller Generalc. Department of Health Care Services (DHCS) d. Department of Managed Health Care (DMHC)e. Department of Justice (DOJ)f. Health and Human Services Office of Inspector General (HHS OIG)g. National Committee for Quality Assurance (NCQA)h. Office of Civil Rights (OCR)

2. If any regulatory agency has reason to believe that any of PHC’s subcontractors, delegates, and/or providers are responsible for or a party to fraud or similar unlawful activities, those authorized agencies or their authorized designee may audit, inspect, evaluate, or inspect the subcontractor or delegate at any time.

a. Upon completion of an investigation by a regulatory agency, the authorized agency retains the authority to suspend or terminate a subcontractor, delegate, or provider from participation in the federal Medicaid program, including, exclusion from participation in the State Medi-Cal Program, seek recovery for overpayments, and impose sanctions, up to required termination of agreement with PHC.

H. Review and Destruction of Documents 1. PHC departments are responsible for the review and purging of records that fall outside of the

minimum retention periods described under this policy and applicable regulation.2. Requests to destroy PHC documentation described under this policy shall be made pursuant to

PHC policy and procedure CMP-37 Requirements for Offsite Storage and Records Destruction.Procedure.A. Access to Records

1. PHC and its subcontractors, delegates, and/or providers shall provide an authorized entity with the requested and required access to premises, contracts, books, documents, records, financial statements, equipment, computers, or other electronic systems at any time during normal business hours for audit and other investigative activities.

VII. REFERENCES:A. 42 CFR 438.3(u)(v)B. 42 CFR 438.5(c)C. 42 CFR 438.416D. 42 CFR 438.8(k)E. 42 CFR 438.3(m)F. 42 CFR 438.604, 606, 608, 610G. 42 CFR 438.818H. 42 CFR 438.116I. 42 CFR 438.230J. 42 CFR 455.104K. 42 CFR §2.13(d) and § 2.31(a)(4)(iii)(B)(3)L. 45 CFR 164.528M. Health and Safety Code 123105(e)N. Welfare and Institutions Code (WIC) § 14124.1O. WIC § 5328.6

of 16





P. California Civil Code §2031.060Q. DHCS Contract 08-85215:

i. Exhibit E, Attachment 2(17)(B)ii. Exhibit G, Attachment A, Provision I (A)(C)(D)

R. Title 28 California Code of Regulations (CCR) §1300.85.1

VIII. DISTRIBUTION:A. SharePointB. Directors

IX. POSITION RESPONSIBLE FOR IMPLEMENTING PROCEDURE:Compliance OfficerChief Executive Officer

X. REVISION DATES: Medi-Cal:09/04/2012, 06/01/2016, 05/17/2017, 08/23/2018

PREVIOUSLY APPLIED TO:PartnershipAdvantage:CMP-30 - 09/04/2012 to 01/01/2015CMP-31 – 06/04/2013 to 01/01/2015Healthy Families:CMP-30 - 09/04/2012 to 03/01/2013CMP-31 – 06/04/2013 to 03/01/2013Healthy Kids:CMP-30 - 09/04/2012 to 12/31/2016CMP-31 – 06/04/2016 to 12/31/2016

of 16





ATTACHMENT A

Offsite Storage Pre-Mailing Checklist

PHC staff must ensure the following steps are completed prior to requesting approval for the offsite storage request. Your department director, or their designee, must sign off on this checklist. This serves as your department’s attestation that all steps according to policy CMP-30 have been completed.

Department:

Box ID(s): (A list may be attached if extra space is needed)

Checklist items:

I have followed internal department policy, and the minimum requirements of this policy, including:

Creating/completing an accounting form of the types of information in this box, including a list of members and/or providers, types of information and types of PHI contained in the box.

Certifying to my department director or designee that the accounting form is accurate and complete.

If this box has been modified, that an updated accounting form has been created and the original accounting form has been saved.

Signed:

Department Director or Designee Date

Requesting Staff Date

of 16





ATTACHMENT B

Offsite Storage Instructions

A. Box and tape up contentsB. Go to www.datasafe.com/clientlogin/webaccess.asp. Do not use website for rush or emergency orders. For rush, or after hour emergencies call: 650-875-3700.

1. Hard Copy Client.2. Login: User ID / Password (User Name was issued from DataSafe. Password is subscriber number located on DataSafe Authorized Subscriber Card issued from DataSafe.).3. Main

C. Request a Pick-Up:1. Main - select “Pick UP”2. Enter the total number of boxes to be picked up in the Quantity field.3. Select “Add Pick Up Request”.4. Select “View Order(s)”.

D. Select “Send Order”.Order Labels, Boxes, and other supplies:1. Main - select “Miscellaneous”2. Select Task:3. “BAC – Box Access” =

a. “BBZ – Box Base Zone” =b. “DAE – Data Entry” =c. “FAC – File Access” =d. “MT1 – Standard Materials” =e. “MT2 – Ledger Materials” =f. “MT3 – Large Tube Materials” =g. “MT4 – Small Tube Materials” =h. “RVB – Review Box” =

4. Select Department – Finance5. Requested For – Your name should appear here.6. Quantity – Enter the total number of supplies you are requesting

of 16





ATTACHMENT CBEST PRACTICES

The following is a list of suggested best practices to help staff comply with this policy.

Individual departments or units may have their own requirements which exceed or replace the practices outlined in this attachment. Please check with your supervisor, manager or director for assistance.

Saving v. Deleting

1. DO save emails and other documents related to the work you do. Speak to your supervisor or manager if you need examples of what to keep.

2. DO NOT save emails or documents not related to work you do. For example, you don’t have to save emails for:

a. Employee events (birthdays, parties, etc.);b. Junk email; c. Emails that you’re copied on, but you aren’t involved in the process described in the email; and d. Emails simply saying “thanks”.

General Best Practices

1. DO NOT use your computer drive (usually C:) to save documents. It is not backed up so if you lose something on your computer it’s usually gone for good.

2. DO use your network drive (usually H:) to save drafts of work documents or work that doesn’t have to be saved on your department drive. Your personal drive is backed up regularly.

3. DO use your department drive (usually I: or X:) to save your work documents as requested by your supervisor or manager. Your department drive is backed up regularly.

Email Best Practices

1. DO save your email archive(s) to your personal drive. By default, your archive is always on your C: drive, so ask ITHELP to move the archive for you.

2. DO NOT let your archives get too big. Try creating a new archive every year to make it easier to search your old email.

3. DO NOT keep email longer than the requirements in this policy. If you have an archive that is over 5 years old (Medi-Cal/HK/HFP) or 10 years (Medicare), delete it.

4. DO NOT email work to your personal email (Gmail, Outlook, Hotmail, Yahoo, etc.) Ask your supervisor or manager if you are allowed to work from home. If you are, fill out the request form in Compliance Policy 25 (CMP-25) to request permission for remote access.

Record Destruction Best Practices

of 16





1. DO use shred boxes at work to destroy paper you no longer need. If the paper doesn’t have PHI and isn’t private, you can recycle it.

2. DO NOT fill shred boxes to the point where you can reach in and grab the paper. If a container is nearing that capacity find another one and use it instead.

FAX Best Practices

1. DO verify FAX numbers before sending a fax.

2. DO verify that the fax was received. Or, send an email or call to the recipient to let them know the FAX was sent.

of 16





ATTACHMENT DDOCUMENTS/RECORD RETENTION SCHEDULE

Document Type ValueMinimum Retention

Requirement Destruction MethodAccounting & Finance:

- Accounts Payable ledgers & schedules

- Accounts Receivables ledgers & schedules

- Annual Audit Reports & Financial Statements

- Annual Audit Records, including work papers & other documents that relate to the audit

- Annual Plans & Budgets- Bank Statements &

Canceled Checks- Employee Expense

Reports- General Ledgers- Interim Financial

Statements- Notes Receivable

ledgers & schedules- Investment Records

- Credit card records (doc showing customer credit card number)All records showing customer credit card number must be locked in a desk drawer or a file cabinet when not in immediate use by staff.

Administrative, historic

7 years

7 years

Permanent

7 years after completion of audit

2 years7 years

7 years

Permanent7 years

7 years

7 years after sale of investment

2 years

Shred if contains financial information, or recycle/scrap

N/A

Shred; delete

N/A

If it is determined that information on a document, which contains credit card information, is necessary for retention beyond 2 years, then the credit card number will be cut out of the document.

of 16





Contracts:Contracts & Related Correspondence (including any proposal that resulted in the contract and all other supportive documentation)

Contracts with invoices from vendors

Legal, historic

Administrative, historic, legal

Permanent

7 years after expiration/payment

N/A

Shred; delete

Corporate Records:- Articles of Incorporation,

Bylaws, Corporate seals- Minute books, Signed

minutes of the Board and all committees, Annual corporate reports

- Correspondence & Internal Memoranda, Informal (handwritten) notes (e.g. staff meetings)

Legal, historic

Administrative, historic

Administrative

Permanent

Permanent

2 years, or longer if topics remain relevant

N/A

N/A

Recycle/scrap paper

Electronic Documents:- Electronic Mail – not all

email needs to be retained, depending on the subject matter.

- Microsoft Office Suite and PDF documents

- Text/Formatted Files (e.g. Microsoft Word documents)

- Web Page Files: Internet Cookies

AdministrativeAll e-mail from internal or external sources is to be deleted after 12 months

Depends on the subject matter and content of the file. Maximum is 6 years.

After 5 years, all text files will be deleted from the network and the staff’s desktop//laptop.

1 MonthIn certain cases a document will be maintained in both paper and electronic form.

All files vital to the performance of their job should be copied to the staff’s specific folder, and printed and stored in the employee’s workspace.

Shred financial and private information, or recycle/scrap; delete electronic version.

All workstations: Internet Explorer should be scheduled to delete internet cookies per month.

Grant Records:Funded grant proposals, Reports, correspondence, etc.

Rejected grant proposals, correspondence, etc.


Administrative, historic,

7 years after closure

2 years after rejection

Shred financial and private information, or recycle/scrap; delete electronic version

of 16





Insurance Records:- Annual Loss Summaries- Audits and Adjustments- Certificates issued to

PHC- Claims Files- Group Insurance Plans –

Active Employees- Group Insurance Plans-

Retirees

- Inspections- Insurance Policies

(including expired)- Journal Entry Support

Data- Loss Runs- Releases and

Settlement


10 years3 years after final adj.Permanent

PermanentUntil Plan is amended or terminatedPermanent or until 6 years after death of last eligible participant3 yearsPermanent

7 years

10 years25 years

Shred; delete

N/A

N/A

N/A

Legal Files and Papers:- Legal Memoranda and

Opinions (including all subject matter files)

- Litigation Files

- Court Orders- Requests for Departure

from Records Retention Plan


7 years after close of matter

1 year after expiration of appeals or time of filing appealsPermanent10 years

Shred; delete

Miscellaneous:- Consultant’s Reports- Material of Historical

Value (including pictures, publications)

- Policy and Procedures Manuals – Original

- Policy and Procedures Manual – Copies

- Annual Reports

Administrative, Historic

Administrative, Historic

2 yearsPermanent

Current version with revision historyRetain current version only

Permanent

Shred financial and private information, or recycle/scrap; delete electronic version

Shred if contains personal information, or recycle/scrap

Payroll Documents:- Employee Deduction

Authorizations- Payroll Deductions- W-2 and W-4 Forms- Garnishments,

Assignments,


4 years after termination

Termination + 7 yearsTermination + 7 yearsTermination + 7 years


of 16





Attachments- Labor Distribution Cost

Records- Payroll Registers (gross

and net)- Time Cards/Sheets- Unclaimed Wage

RecordsPersonnel Records:

- Commissions/Bonuses/ Incentives/Awards

- EEO-I/EEO-2 Employer Information Report

- Employee Earnings Records

- Employee Handbooks- Employee Medical

Records- Employee Personnel

Records (including individual attendance records, application forms, job or status change records, performance evaluations, termination papers, withholding information, garnishments, text results, training and qualification records)

- Employment Contracts – Individual

- Employment Records – All Non-Hired Applicants (including all applications and resumes – whether solicited or unsolicited, results of post-offer, pre-employment physicals, results of background investigations, if any, related correspondence

- Job Descriptions

- Personnel Count Records


7 years

7 years

7 years after end of employment6 years

7 years

2 years after superseded or filing (whichever is longer)Separation + 7 years

1 copy kept permanentlySeparation + 6 years

6 years after separation

7 years after separation

2-4 years (4 years if file contains any correspondence which might be construed as an offer)

3 years after superseded

3 years

Shred; delete


of 16





- Forms I-93 years after hiring, or 1 year after separation if later

Property Records:- Correspondence,

Property Deeds, Assessments, Licenses, Rights of Way

- Original Purchase/Sale /Lease Agreement

- Property Insurance Policies


Permanent

Permanent

Permanent

N/A

Tax Records:- Tax-Exemption

Documents and Related Correspondence

- IRS Rulings- Excise Tax Records- Payroll Tax Records- Tax Bills, Receipts,

Statements- Tax Returns – income,

Franchise, Property- Tax Work papers

Packages - Originals- Sales/Use Tax Records- Annual Information

Returns – Federal and State

- IRS or other Government Audit Records



Permanent

Permanent7 years7 years7 years

Permanent

7 years

7 yearsPermanent

Permanent

N/A

N/AShred if contains financial & personal information, or recycle/scrapN/A

Shred; delete

N/A

N/A

Workshop files: • Marketing • Attendee list • Invoices from consultants or payment record from attendees • Contracts with consultants • Payments for food/supplies • General information

Administrative, historic, and/or legal

• 7 years • 7 years • 7 years • 7 years • 7 years • 2 years

Recycle/scrap; delete

Presentations given: • Presentations that can be reused • Presentations for one use

Administrative, historic • 7 years

• 2 years

Recycle/scrap; delete

Photographs: • High quality with details of Administrative, historic • 10 years • Recycle/scrap;

of 16





event • Photos missing details of event • Low quality

• 2 years • 2 years

delete

Press clippings: Historic Permanently if electronic or a hard copy without electronic backup; 2 years for hardcopy with backup

• Recycle/scrap; delete

Additional Recordkeeping Requirements A. In accordance with 42 CFR 438.3(u), Contractor shall retain the following information for no less

than 10 years: 1. Member Grievance and Appeal records as required in 42 CFR 438.4162. Base data as defined in 42 CFR 438.5(c)3. MLR reports as required in 42 CFR 438.8(k)4. Data, information, and documentation specified in 42 CFR 438.604, 606, 608, and 6105. Audit and Inspection as required in 42 CFR 438.3(v)6. Code of Conduct

B. In accordance with the Final Rule, CCI Boilerplate, Contractor shall retain the following information for no less than 6 years following contract termination1. Employee annual privacy and security training certificates, Exhibit G, Attachment A (A)2. Annual confidentiality Statements, Exhibit G, Attachment A (C)

C. In accordance with the Final Rule, CCI Boilerplate, Contractor shall retain the following information for no less than 3 years following contract termination1. Background check documentation for each workforce member.

of 16

Records Retention and Access Requirements · Web viewRecords Retention and Access Requirements...

Documents

Transcript of Records Retention and Access Requirements · Web viewRecords Retention and Access Requirements...