Section 2.15 - Requirements for Audit TrailThe following requirements for maintenance of audit trails shall be observed:
(1) Where such records are held, in whole or in part in computer or in electronically controlled or accessible files, the audit trail shall include a complete and accurate record of every disclosure of client or applicant records, including: the date of access; and the name of the individual or organization to whom access is granted; and the purpose of the access; and the authorization for granting access.(2) Where such records are held in manual files, the person granting access to records or information shall, to the maximum extent feasible, make a notation each time access to a record or information is granted. Such notation shall include the date of access; the name of the individual or organization to whom access is granted; the purpose of the access; and the authorization for granting access.(3)107 CMR 2.15 shall not apply to use of or access to client or applicant records by employees of the Commission acting within the scope of their official duties.