Abstract
While the use of computer-based communication, video recordings, and other “electronic” records is commonplace in clinical service settings and research, management of digital records can become a great burden from both practical and regulatory perspectives. Three types of challenges commonly present themselves: regulatory requirements; storage, transmission, and access; and analysis for clinical and research decision-making. Unfortunately, few practitioners and organizations are well enough informed to set necessary policies and procedures in an effective, comprehensive manner. The three challenges are addressed using a demonstrative example of policies and procedural guidelines from an applied perspective, maintaining the unique emphasis behavior analysts place upon quantitative analysis. Specifically, we provide a brief review of federal requirements relevant to the use of video and electronic records in the USA; non-jargon pragmatic solutions to managing and storing video and electronic records; and last, specific methodologies to facilitate extraction of quantitative information in a cost-effective manner.
Notes
Applicable regulation and law vary from nation to nation, and a review of such variation is beyond the scope of this paper. The US is therefore used as an example to illustrate the complexity of interacting elements. The compliance process we illustrate is thus applicable to all jurisdictions.
For more information about our comprehensive use of this database development software see http://www.filemaker.com/solutions/customers/stories/155.html
Acknowledgments
In memoriam: Nathan Kruser (July 1976–October 2014)—ICD Information Systems Coordinator, colleague, and friend
Glossary
- Cloud (“cloud computing”): Computer network connected to a computer or group of linked computers (server) that allows the hardware and software demands to be removed from the local machine and handled by the cloud computer network; most email accounts are set up using cloud computing.
- Database: An organized collection of data, often supported by a specific type of software (e.g., Excel™, FileMaker™).
- Data loss: An error condition in which stored digital information is destroyed by failures or neglect in storage, transmission, or processing. Backup and disaster recovery equipment can prevent data loss.
- Data transmission: Any transfer of data in either physical or digital form, including transmission of keystrokes on a keyboard to a computer screen, a phone call, or a video signal.
- Digital storage: Hard drives and other storage devices that hold and/or process digital information for storage and retrieval; these devices may be stationary, such as on a computer desktop, or portable/mobile.
- Encryption: The process of encoding messages or information in such a way that only authorized parties can read it; it does not prevent a message from being intercepted, but it will prevent the content from being read (Advanced Encryption Standard, or AES, is a specification for the encryption of electronic data established by the US National Institute of Standards and Technology, NIST, in 2001).
- FileMaker™: A software application for developing databases, produced by a subsidiary of Apple.
- Firewall: A software- or hardware-based network security system that controls the incoming and outgoing network traffic. Firewalls establish a barrier between a trusted, secure internal network and another network that is assumed to be insecure or untrusted.
- Heartbleed bug: A security bug in vulnerable versions of the OpenSSL software that affected secure web servers; it allows information protected by the encryption typically used to secure the Internet to be stolen, and allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions.
- ILOVEYOU virus: An email-driven virus with “I LOVE YOU” in the subject line that contains an attachment that, when opened, sends the message to everyone in the recipient’s Microsoft Outlook address book and wipes every JPEG, MP3, and certain other files from the recipient’s computer.
- Intermediary network devices: Devices that provide connectivity and work behind the scenes to ensure that data flows across the network, including routers, switches, hubs, wireless access points, servers and modems, and security devices.
- Klez virus: A virus transmitted through email that replicates itself and sends itself to everyone in the victim’s address book; it often contains other harmful programs that can disable virus-scanning software or the computer’s full functionality.
- Mobile device: Any computer, tablet, cell phone, video camera, DVD or tape recorder, or other portable device capable of storing electronic or digital media for any length of time.
- Network: A telecommunications system that allows computers to exchange data. Networks can be internal (private network within an organization) or external (public); internal networks do not guarantee the safe transmission of digital information without appropriate safeguards.
- “Phishing”: The attempt, usually by an unknown or unfamiliar entity, to acquire sensitive information such as usernames, passwords, and other account information by pretending to be a trustworthy source; email communications used for phishing typically have weblinks, which can be infected with viruses or malware (malicious software).
- Restricted folder/subfolder: File storage location on a computer or mobile device in which a username and password or other access restriction is applied so that contents are “locked” unless special authorization is given.
- Server: A specialized computer or group of computers with software that communicates with and provides data to other designated computers.
- Uniform resource locator (URL): A web address.
- Virtual private network (VPN): A VPN extends a private, internal network across a public network and enables a computer to send and receive data across public networks as if it is directly connected to the private network (i.e., secure).
Cite this article
Cavalari, R.N.S., Gillis, J.M., Kruser, N. et al. Digital Communication and Records in Service Provision and Supervision: Regulation and Practice. Behav Analysis Practice 8, 176–189 (2015). https://doi.org/10.1007/s40617-014-0030-3
DOI: https://doi.org/10.1007/s40617-014-0030-3