In today’s digital world, technology is ever-changing. The adoption of health-related mobile apps has doubled in the last two years, and a growing number of consumers report that they are willing to use telehealth services and programs. From online counseling to crisis textlines to recovery support apps, the possibilities for service delivery are endless. Along with new innovations, however, come new potential risks for organizations—the security of electronic data and information, compliance with federal privacy laws, and organizational capacity and readiness are just a few examples. With the increasing use of technology to deliver services, there is a parallel need to identify best practices of care when using these new delivery methods.
Accreditation bodies—the entities that validate services as well as the providers who deliver them—are taking on this effort. The Council on Accreditation (COA), a national nonprofit accreditor of human service organizations, is one of those change agents providing insights into best practices along the full continuum of child welfare, behavioral health, and social services. COA understands that adopting new technology can be a daunting task for any organization. However, rather than fearing the unfamiliar, we want to celebrate the possibilities that new technologies can bring in enhancing the overall health and well-being of individuals, families, and communities nationwide.
Recognizing that organizations are currently exploring the use of technology in different capacities to promote positive outcomes, we embarked on an initiative to better support the use of information and communications technology among our accredited organizations. We partnered with a diverse panel of subject matter experts to update and develop standards to address trends in technology utilization and adoption. As part of our commitment to support our accredited organizations, it is vital for COA to respond to the questions and concerns that we hear from them; the adoption and selection of electronic health record systems, transitioning from paper to electronic records, and the risks associated with the use of social media and mobile devices were just a few of the many areas we explored and researched during the standards development process.
In February 2016, we strengthened our Risk Prevention and Management (RPM) standards to provide guidance on best practices related to the protection of confidential information and data, security risk assessments, HIPAA compliance, disaster recovery plans, social media, and the use of mobile devices. COA also developed standards to address technology-based service delivery, as we continued to see growing support for using different technologies to provide services.
COA’s Standards address a number of areas related to technology that can help an organization align their use of technology with best practices. If your organization is using technology to provide services, consider reviewing these important practices outlined in the standards.
Conduct a Risk Assessment
Recognizing and understanding the benefits and risks associated with the use of technology is recommended management practice, which is why we require that accredited organizations annually assess technology and information systems for potential risks. Risk analysis is the first step towards implementing effective and appropriate administrative, physical, and technical safeguards. The process requires that organizations review their existing security infrastructure and identify potential risks and vulnerabilities. The assessment can include a review of systems in place to protect physical and electronic data and information, databases, files, computers and mobile devices, networks, and programs from unauthorized access, use, modification, disruption, destruction, and/or attack. Findings from the security risk analysis inform the organization’s risk mitigation strategy and help to reduce the likelihood and severity of identified threats.
Develop a Technology Plan
A technology and information management plan helps organizations utilize technology effectively and efficiently, charting ways in which different technologies can be used to support current and future operations. COA requires that all accredited organizations develop a technology plan, regardless of their level of technology adoption, to ensure that they remain relevant in the evolving technical landscape. The standards outline elements to consider during the technology planning process and encourage organizations to align the technology and information management plan with their strategic or long-term plan.
Safeguard Information and Data
Protecting electronic and printed information against intentional and unintentional destruction, modification, and unauthorized disclosure or use is critical for any organization. That’s why COA Standards outline a variety of ways that organizations can safeguard confidential and other sensitive information. For example, employing firewalls, anti-virus, and related software can help organizations protect information and data, just as long as the effectiveness of these security measures is monitored on an ongoing basis. With the rise in the use of mobile devices, having the ability to remotely disable, deactivate, and/or wipe data in the event that a device is lost, stolen, repurposed, or discarded is an additional security precaution organizations can put in place. Organizations may also need to consider encryption, secure networks and other safeguards in order to reasonably and appropriately protect confidential and other sensitive information in accordance with applicable legal requirements when it’s transmitted electronically. These strategies and many more are woven into the standards, creating the basis for strong data security policies and procedures.
Leverage Technology to Expand Service Delivery
Research suggests that there are many benefits associated with providing health-related services via technologies, including expanded access to services, improved treatment outcomes, increased client engagement and satisfaction, and potential cost savings. Telehealth has proven to be particularly beneficial for rural service populations, as it can reduce geographic barriers to care and address provider shortages.
These new standards on technology-based service delivery can serve as a roadmap for organizations, demonstrating how they can leverage new innovations to better meet the needs of the individuals, families, and the communities they serve. An organization that is unsure of its capacity to provide services via technology can refer to the standards as a framework for implementing new service delivery models. COA’s Standards on technology-based service delivery address topics, including but not limited to:
- Organizational readiness assessments and ongoing monitoring and evaluation
- Necessary policies and procedures, including those around privacy and security
- Client suitability/assessing the appropriateness of services
- Client consent
- Instruction and support for clients
- Personnel training
- Licensure requirements
The hope is that organizations will learn from the standards and become familiar with practices that can help promote new, innovative effective methods for service delivery.
The promotion of best practices is essential in helping organizations navigate the new technological frontier. These are just a few of many important practices reflected in COA’s Standards.