(1) The adult day center must maintain a secure client record system to ensure confidentiality for all records, whether paper or electronic, in accordance with state and federal laws, including but not limited to the Health Insurance Portability and Accountability Act (HIPAA).

(2) The adult day center must maintain a permanent registry of all clients with dates of admission, attendance and discharge.

(3) The adult day center must follow their written policies concerning record and maintenance and retention, see WAC 388-71-0738 operating policy section.

(4) Client records maintained on the center's premises must be in a secure storage area that includes locking cabinets or storage. Computerized records must be backed up, daily for any changes made in the record that day and a full backup on a weekly basis. Weekly backup records would be stored off-site either in a physical, (cd, tape or thumb drive) or electronic file, (through the cloud backup system) compliant with HIPAA.