The November-December 2013 newsletter of Behavioral Health Resources, LLC focuses on CARF standards for Technology Plans. Section 1.J of the CARF 2013 BH/CYS/OTP Standards Manuals states that accredited organizations should implement a technology and systems plan that includes eight areas. These are described below:
- Hardware. The mechanical, magnetic, electronic, and electrical components making up a computer system.
- Software. Written programs or procedures or rules and associated documentation pertaining to the operation of a computer system and that are stored in read/write memory.
- Security. Information security as applied to technology such as Internet, electronic transmissions (e.g., fax and e-mail), computers, networks, and cell phones. The field covers all the processes and mechanisms by which computer-based equipment, information and services are protected from unintended or unauthorized access, change or destruction. Computer security also includes protection from unplanned events and natural disasters.
- Confidentiality. In this context of technology, confidentiality is a set of rules that limits access to information by authorized personnel. Confidentiality prevents sensitive information from reaching unauthorized personnel and ensuring access by authorized personnel. Common methods of ensuring confidentiality include: date encryption, User IDs, Passwords, two-factor authentication, and biometric verification. In addition, users can take precautions to minimize the number of places where the information appears and the number of times it is actually transmitted to complete a required transaction.
- Backup Policies. Backup policies should include: 1) the method of backup to be used; 2) types of data to be backed up; 3) when data needs to be backed up; 4) administrators; 5) how to protect the backups (i.e., security in case of fire or other destruction).
- Assistive Technology. Any item, piece of equipment, or product system, whether acquired commercially off the shelf, modified, or customized, that is used to increase or improve functional capabilities of individuals.
- Disaster Recovery Preparedness. The process, policies, and procedures that are related to preparing for recovery or continuation of technology infrastructure which are vital to an organization after a natural or human-induced disaster. Disaster recovery focuses on the IT or technology systems that support business functions.
- Virus Protection. Antivirus or anti-virus software is software used to prevent, detect and remove malware (of all descriptions), such as: computer viruses, malicious BHOs, hijackers, ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, malicious LSPs, dialers, fraudtools, adware and spyware.
CARF Definition of a Plan. As described in the Glossary of the 2013 BH/CYS/OTP Standards Manuals, a plan is: “Written direction that is action oriented and related to a specific project or defined goal, either present and/or future oriented. A plan may include the steps to be taken to achieve stated goals, a time line, priorities, the resources needed and/or available for achieving the plan, and the positions or persons responsible for implementing the identified steps.” Many organization receive recommendations during their CARF surveys because their plans are not working documents (i.e., are written as policies). The CARF definition of a policy is: “Written course of action or guidelines adopted by leadership and reflected in actual practice.”
Current and Projected Technology Needs. An effective Technology Plan will include specific description of the organization’s current technology. The Plan should also be a working document (i.e., Action Plan) that includes unmet and projected technology needs and a time line with possible vendors, estimated or actual cost, person responsible, target date, and completion date for each of the eight areas.
For more information about how to develop an effective Technology Plan (to include the Action Plan), contact a CARF Consultant, Brenda Rohren, at (402) 486-1101 or firstname.lastname@example.org.
© 2013 Behavioral Health Resources, LLC. All rights reserved.