Commission on Accreditation of Rehabilitation Facilities overview

CARF (Commission on Accreditation of Rehabilitation Facilities)

The Commission on Accreditation of Rehabilitation Facilities (CARF) is an independent, nonprofit organization that reviews and grants accreditation requests for facilities or programs providing rehabilitative services to patients (CARF Official Website, 2008). Although it is not required for a rehabilitative facility to be accredited by CARF, obtaining accreditation from this agency can be a powerful confidence-booster for an individual choosing a facility. Accreditation can motivate him or her to select a particular rehabilitative facility. Thus CARF can have a great deal of power in setting the standards of healthcare for rehabilitation and health records.

One of its standards CARF evaluates when accrediting institutions involves the institution's compliance with privacy according to the standards of the HIPAA Security Rule for health care providers that transmit any health information in electronic form. Other privacy rules and regulations regulate use and disclosure of protected health information regardless of whether it is communicated electronically, on paper, or oral, and CARF requires that certified rehabilitation institutions comply with these regulations as well. The Centers for Medicare & Medicaid Services (CMS) which enforces the HIPAA Security rules may request documents and other information to ensure that the institution's policies and procedures protect individual patients' privacy. These documents and other sources of information may include employee background checks; doctor and patient confidentiality agreements; information about how user access is obtained to electronic records; the electronic authentication methods for users; information about detecting, reporting, and responding to security incidents; information about physical security on the premises; encryption and decryption data; an explanation of how system issues are monitored; information on the use of wireless networks; and information on how sanctions for employees who violate security policies and procedures are enforced (Johnson 2008). "In addition, a covered entity may be requested to produce a list of individuals (including contractors) with access to E-PHI and a list of software used to manage and control access to the Internet" (Johnson 2008).

CARF is influential in medical records-keeping by providing an additional form of monitoring to ensure that institutions protect patient privacy, in accordance with federal regulations. By making keeping patient privacy a requirement of accreditation, and inspecting such aspects of privacy enforcement as encryption and the use of wireless networks, CARF utilizes the data accumulated by the CMS in a positive fashion that protects patients. This is important as more and more medical records are accessible online. However, in addition to ensuring compliance with federal regulations pertaining patient and employee privacy, CARF could also rate facility medical records-keeping on other issues, such as ease of obtaining medical records for patients and the user-friendly nature of site websites for patients with legitimate reasons to access their records online. This could be important in the future for CARF given that many users of rehabilitative facilities may be elderly or homebound, and the Internet may be their primary means of accessing their medical records.