May 27, 2025
Surveys Are Evolving—And They're Asking About IT
"People are not broken; systems are."
—David Rendall
Joint Commission added cybersecurity checks to its
accreditation standards for 2024. CARF followed suit shortly after.
It's not just about bed counts and care plans
anymore—surveyors are asking about passwords, audit logs, and backups.
If a surveyor asked about your IT policy today, what
would you hand them?
What Accrediting Bodies Are Looking For
New accreditation guidance includes:
- Secure
access protocols (like role-based access control)
- Regular
risk assessments and documentation
- Incident
response procedures
- Ongoing
IT staff or vendor evaluation
It's not just an IT issue—it's a facility-wide
accountability issue.
"Excellence isn't having fewer flaws. It's being
intentional about your strengths."
—David Rendall
A 2024 CARF survey guidance bulletin stated that over 70% of
non-compliance flags now include a cybersecurity element.
Is your leadership team ready to explain your cyber
safety protocols?
Proactive Beats Panic Every Time
Start small, and build confidence:
- Gather
your most recent IT risk assessment report
- Confirm
your backup schedule and recovery plan (yes, even weekends!)
- Meet
with your IT provider to walk through your incident response plan
We've helped LTC teams prepare simple, survey-ready
documentation—without drowning in jargon.
Want to learn more? See what we do for healthcare organizations here
