(a)
(1) A Medicaid provider or person providing healthcare goods or services under the Arkansas Medicaid Program is required to maintain all records at least for a period of five (5) years from the date of claimed provision of any goods or services to any Medicaid recipient.
(2)
(A) The records described in subdivision (a)(1) of this section shall be available for audit during regular business hours at the address listed in the Medicaid provider agreement or where the healthcare goods or services are provided.
(B) Closed records for inactive patients or clients may be maintained in offsite storage if:
(i) The records can be produced within three (3) working days of being served with a request for records, subpoena, or other lawful notice from any agency with authority to audit the records; and
(ii) The records are maintained within the State of Arkansas.
(C) A Medicaid provider shall disclose upon request the location of any offsite storage facility to any agency with authority to audit the records.
(3) If the healthcare goods or services are provided in the home of the Medicaid recipient, the records shall be maintained at the principal place of business of the Medicaid provider.
(4) If a Medicaid provider goes out of business, the provider shall give written notification to the Department of Human Services and the Office of Medicaid Inspector General of where and how the records will be stored.
(b)
(1) No potential Medicaid recipient shall be eligible for medical assistance unless he or she has authorized in writing the Director of the Department of Human Services to examine all records of his or her own or of those receiving or having received Medicaid benefits through him or her, whether the receipt of the benefits would be allowed by the program or not, for the purpose of investigating whether any person may have violated this subchapter or for use or potential use in any legal, administrative, or judicial proceeding.
(2) No person shall be eligible to receive any payment from the program or its fiscal agents unless that person has authorized in writing the director to examine all records for the purpose of investigating whether any person may have committed the crime of Medicaid fraud or for use or for potential use in any legal, administrative, or judicial proceeding.
(c) The Attorney General shall be allowed access to all records of persons and Medicaid recipients under the program to which the director has access for the purpose of investigating whether any person may have violated this subchapter or for use or potential use in any legal, administrative, or judicial proceeding.
(d)
(1) Records obtained by the director or the Attorney General pursuant to this subchapter shall be classified as confidential information and shall not be subject to outside review or release by any individual except when records are used or potentially to be used by any governmental entity in any legal, administrative, or judicial proceeding.
(2) Notwithstanding any other law to the contrary, no person shall be subject to any civil or criminal liability for providing access to records to the director, to the Attorney General, or to the prosecuting attorneys.