(a) The agency
shall provide a secure place or places with controlled access for the storage
of records. Only individuals who must access client information in order to
carry out duties assigned or approved by the agency shall be authorized access
to the storage area or areas.
Only authorized individuals may remove a record from the storage area or areas
and the authorizing individual shall be responsible for the security of the
record until it is returned to the storage area or areas.
(c) The agency shall establish procedures to
prevent accidental disclosure of client information from automated data
director shall assure that all authorized individuals are informed of the
confidential nature of client information and shall disseminate written policy
to and provide training for all persons with access to client