Wash. Admin. Code § 308-10A-401
When the department requires an audit under this section, it may accept an audit performed in the previous 12 months when it meets standards in the data sharing agreement and is performed by an auditor that meets independent third-party auditor qualifications.
For recipients receiving lists:
(2) Audit reports must provide documentation on the procedures, and the results of such procedures, used to determine whether controls align with requirements in the data sharing agreement.
For recipients receiving individual records of protected personal information, audit reports must demonstrate reasonable procedures were used to conclude each recipient is compliant with requirements in the data sharing agreement.
[Statutory Authority: RCW 46.01.110. WSR 23-19-010, § 308-10A-401, filed 9/7/23, effective 10/8/23.]