(1) Subject to rules adopted by the administrator, nothing in this part 2 prohibits a registered provider from permitting its employees to work from a remote location so long as the registered provider:
- (a) Ensures that no in-person customer interactions are conducted at the remote location and does not designate the remote location to consumers as a business location;
- (b) Maintains appropriate safeguards for registered provider and consumer data, information, and records, including the use of secure virtual private networks, also known as VPNs, where appropriate;
- (c) Employs appropriate risk-based monitoring and oversight processes of work performed from a remote location and maintains records of the monitoring and oversight processes;
- (d) Ensures consumer information and records are not maintained at a remote location;
- (e) Ensures consumer and registered provider information and records remain accessible and available for regulatory oversight and examination; and
- (f) Provides appropriate employee training to ensure employees working from a remote location keep all conversations about and with consumers that are conducted from the remote location confidential, as if conducted from a commercial location, and to ensure that employees working at a remote location work in an environment that is conducive and appropriate to ensuring privacy and confidential conversations.
- (2) As used in this section, remote location means a private residence of an employee of a registered provider or another location selected by the employee and approved by the registered provider.
Source: L. 2023: Entire section added, (SB 23-248), ch. 360, p. 2153, § 13, effective August 7.