Central Fabrication Accreditation Guide

October 2023

Download

Business Records (BR)

The Business Records Standards address the establishment of policies and procedures related to business operations. You must have in place written policies that address your standard operating procedures and how you manage revenues and expenses on an ongoing basis. Your policies must include how records are backed-up and how those records are recovered in a disaster. You must also demonstrate that appropriate measures have been taken to secure all records and permit prompt retrieval of information.

BR1

The business establishes and documents written policies and procedures that address business operations.

Tip–Business Operations


Your policies and procedures must be available to staff. Examples may include, but are not limited to, standard operating procedures and employee handbooks.

BR2

The business manages revenues and expenses on an ongoing basis according to generally accepted accounting principles.

Tip–Managing Revenues and Expenses


The following are examples of compliance:

  • Your operating budget meets the needs of your business operations
  • You manage revenues and expenses on an ongoing basis • You use either a cash or accrual-based accounting practice for your business
  • Your records or financial accounts allow you to identify which specific items/devices were provided to specific customers

BR3

Business records are secure and permit prompt retrieval of information.

Tip–Information Access


You must have a secure and quickly accessible system for retrieving account, customer and purchasing information.

BR4

The business complies with the appropriate provisions and requirements of the Healthcare Insurance Portability and Accountability Act (HIPAA).

Tip–HIPAA


You should be knowledgeable of the many sections of HIPAA and its applicability to your business. Examples of compliance include:

  • Business Associate Agreements (BAA) are in place
  • HIPAA Privacy Rules in place
  • HIPAA Security Regulations are in place, as applicable
  • Customer records are stored appropriately
  • Access to Protected Health Information (PHI) is properly restricted
  • Computer and other system passwords are in place

BR5

Customer and production records are reasonably protected from all risks and appropriate measures are taken to maintain backups of customer data.

Tip–Record Protection


You must have written policies in place protecting your records from all risks such as theft, fire and/or natural disasters. Your policies must include how you successfully and efficiently back-up your records and how you would recover those records in the event of a disaster or theft.