(a) A course provider must retain participant records,
as identified by §92.51(b), for a period of two years after completion
of a course.
(b) To determine whether a course provider is complying
with the requirements of this chapter, department employees and representatives
may conduct an audit of the approved course. Audits may be conducted
without prior notice to the course provider and department employees
and representatives may enroll in a course without identifying themselves
as employees or representative of the department.
(c) Course providers must maintain a means to ensure
the security and integrity of participant information which must include
a privacy policy statement. The privacy policy statement must be provided
to course registrants at the time of registration.
(d) Upon request, a course provider must provide information,
including copies of specified records, to the department within ten
business days of the date of the request.
|