Utah Administrative Code
Topic - Administrative Services
Title R25 - Finance
Rule R25-22 - Financial Institution Validation for Access to Medical Inventory Control System
Section R25-22-4 - Documents Required for Validation of Financial Institutions
Current through Bulletin 2024-06, March 15, 2024
(1) A Financial Institution must provide a letter self-certifying that the access desired will be used only in accordance with Subsections 4-41a-103(6)(a)(i) through 4-41a-103(6)(a)(iii). The self-certification must stipulate that the financial institution will comply with the following regulations:
(2) A Financial Institution must provide self-certification and supporting documentation that Automated Clearing House (ACH) transactions are compliant with National Automated Clearing House Association (NACHA) Rules and Operating Guidelines, incorporated by reference.
(3) A Financial Institution must provide documentation demonstrating compliance with the Gramm-Leach-Bliley Act (GLBA) of 1999, 15 U.S.C. 6801, et seq.
(4) A Financial Institution must provide a current American Institute of Certified Public Accountants (AICPA) SOC 2 Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy - Type 2 report.