Central Fabrication Accreditation Guide

October 2023


Business Records (BR)

The Business Records Standards address the establishment of policies and procedures related to business operations. You must have in place written policies that address your standard operating procedures and how you manage revenues and expenses on an ongoing basis. Your policies must include how records are backed-up and how those records are recovered in a disaster. You must also demonstrate that appropriate measures have been taken to secure all records and permit prompt retrieval of information.


The business establishes and documents written policies and procedures that address business operations.

Tip–Business Operations

Your policies and procedures must be available to staff. Examples may include, but are not limited to, standard operating procedures and employee handbooks.


The business manages revenues and expenses on an ongoing basis according to generally accepted accounting principles.

Tip–Managing Revenues and Expenses

The following are examples of compliance:

  • Your operating budget meets the needs of your business operations
  • You manage revenues and expenses on an ongoing basis • You use either a cash or accrual-based accounting practice for your business
  • Your records or financial accounts allow you to identify which specific items/devices were provided to specific customers


Business records are secure and permit prompt retrieval of information.

Tip–Information Access

You must have a secure and quickly accessible system for retrieving account, customer and purchasing information.


The business complies with the appropriate provisions and requirements of the Healthcare Insurance Portability and Accountability Act (HIPAA).


You should be knowledgeable of the many sections of HIPAA and its applicability to your business. Examples of compliance include:

  • Business Associate Agreements (BAA) are in place
  • HIPAA Privacy Rules in place
  • HIPAA Security Regulations are in place, as applicable
  • Customer records are stored appropriately
  • Access to Protected Health Information (PHI) is properly restricted
  • Computer and other system passwords are in place


Customer and production records are reasonably protected from all risks and appropriate measures are taken to maintain backups of customer data.

Tip–Record Protection

You must have written policies in place protecting your records from all risks such as theft, fire and/or natural disasters. Your policies must include how you successfully and efficiently back-up your records and how you would recover those records in the event of a disaster or theft.