(a) Maintenance of medical records. The LMHA, MCO, and the provider must ensure:(1) protection against unauthorized access, disclosure, modification or destruction of medical records, whether accidental or deliberate;(2) the availability, integrity, utility, authenticity, and confidentiality of information within the medical record;(3) a current, organized, legible, and comprehensive records system that:(A) conforms to good professional practice;(B) permits effective clinical review and audit; and(C) facilitates prompt and systematic retrieval of information;(4) a medical records system with sufficient redundancy to ensure access to individual records; and(5) compliance with applicable federal and state laws, rules, and regulations, including HIPAA, 42 CFR Part 2, and the requirements described in Chapter 414, Subchapter A of this title (relating to Protected Health Information).(b) Disaster recovery plan. The LMHA, MCO, and the provider must maintain a written disaster recovery plan for information resources that will ensure service continuity.