Files
claudetools/clients/cascades-tucson/docs/proposals/carf-technology-plan-intake.md
Howard Enos 2a1a275511 sync: auto-sync from HOWARD-HOME at 2026-06-24 17:37:00
Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-06-24 17:37:00
2026-06-24 17:37:35 -07:00

12 KiB
Raw Blame History

Cascades of Tucson — CARF Technology & System Plan: Input Worksheet

Purpose: collect the few facts only Cascades/ACG leadership can supply, so the final CARF-format Technology and System Plan can be built complete (no placeholders). Everything marked >> NEEDED << is an input from you. Everything else is pre-filled from ACG's records and is yours to correct. Prepared by Az Computer Guru · drafted 2026-06-24. Costs left blank are [ACG TO PRICE] (we verify, never guess).


Part 1 — Plan header & governance (CARF Section 1 requirements)

Field Value
Accreditation program >> NEEDED << (Aging Services — which: Assisted Living / CCRC / other?)
CARF manual year / edition >> NEEDED << (2025 or 2026 Aging Services Standards Manual — so we cite the exact standard number)
Standard reference Technology and System Plan (Section 1 "CARF Plans") — confirm number from your manual
Plan period / fiscal year covered >> NEEDED <<
Plan owner (Cascades) >> NEEDED << (suggest: Administrator / Ashley Jensen)
Prepared with (IT partner) Az Computer Guru (Mike Swanson, Howard Enos) — pre-filled
Approved/adopted by (leadership) >> NEEDED << (Executive Director name + title)
Date adopted >> NEEDED <<
Last reviewed / Next annual review >> NEEDED << (CARF requires at least annual review with a dated record)

Part 2 — Needs basis (CARF: plan must be based on the needs of persons served, personnel, stakeholders)

Draft below — confirm or edit:

  • Persons served (residents & families): reliable building Wi-Fi and phone service; resident-safety monitoring (fall detection); strict confidentiality of personal health information; access to assistive/adaptive technology where needed. >> confirm / add <<
  • Personnel (staff & caregivers): secure on-site access to the clinical record (ALIS) and email; dependable phones and workstations; protection against credential theft and lost/stolen devices. >> confirm / add <<
  • Other stakeholders (vendors, payers, regulators): HIPAA confidentiality, business continuity, auditable records. >> confirm / add <<

Part 3 — Strategic-plan alignment (CARF: plan aligns to the strategic plan)

One paragraph tying technology priorities to Cascades' strategic goals. >> NEEDED << — please share your top 23 strategic goals (e.g. resident safety, census growth, regulatory standing) and we will write the alignment paragraph.


Part 4 — The eight areas (CARF action-document format)

For each area, fill the four input fields: Responsible person, Estimated/actual cost, Target date, Completion date. Current state / needs / vendor are pre-filled.

1. Hardware

  • Current: Dell PowerEdge R610 server (verified healthy 2026-06-24, all drives online); Synology NAS; pfSense firewall; UniFi network (77 APs, 12 switches); ~29 staff PCs; resident/safety devices.
  • Unmet / projected needs: restore server redundant power supply; install enterprise SSDs already purchased; replace end-of-life PCs; longer-term server replacement off the 16-yr-old R610.
  • Possible vendor: Az Computer Guru (Dell hardware).
  • Responsible person: >> NEEDED << (suggest ACG) · Cost: [ACG TO PRICE] · Target date: >> NEEDED << · Completion: PSU/SSD pending

2. Software

  • Current: Microsoft 365 (Business Premium); Windows Server 2019; clinical EHR (ALIS); line-of-business apps.
  • Unmet / projected needs: move 31 users off the suspended M365 license onto Business Premium (time-sensitive); finish staff domain migration; upgrade Windows Home PCs to Pro.
  • Possible vendor: Microsoft / Az Computer Guru.
  • Responsible person: >> NEEDED << (suggest ACG) · Cost: [ACG TO PRICE] (license true-up) · Target date: >> NEEDED << · Completion: in progress

3. Security

  • Current: identity-based access control (Entra), MFA, caregiver on-site/approved-device lockdown, isolated voice & resident-data network segments, email filtering.
  • Unmet / projected needs: enable file-access audit logging on the resident-data share; build audit-retention storage (90-day + 6-year); create emergency break-glass admin accounts with security keys.
  • Possible vendor: Microsoft / Az Computer Guru.
  • Responsible person: >> NEEDED << (suggest ACG) · Cost: [ACG TO PRICE] (audit-retention build) · Target date: >> NEEDED << · Completion: pending

4. Confidentiality

  • Current: PHI access limited by role and security group; encryption in transit; single sign-on to ALIS; caregiver PCs auto-lock and sign out; per-room and voice network isolation.
  • Unmet / projected needs: confirm signed Business Associate Agreement (BAA) with ALIS/Medtelligent; enable SMB encryption on the resident-data share; rotate one historically-exposed credential.
  • Possible vendor: Az Computer Guru / Medtelligent.
  • Responsible person: >> NEEDED << · Cost: minimal/internal · Target date: >> NEEDED << · Completion: pending

5. Backup policy

  • Current: cloud backup (MSP360) verified running 2026-06-24 — last run succeeded, ~576 GB protected off-site, daily incrementals.
  • Unmet / projected needs: confirm/extend to full system-image (bare-metal) backup for the server; run and document a test restore (CARF looks for this); set/confirm retention.
  • Possible vendor: Az Computer Guru / MSP360.
  • Responsible person: >> NEEDED << (suggest ACG) · Cost: [ACG TO PRICE] · Target date: >> NEEDED << · Completion: backup live; image + restore-test pending

6. Assistive technology (persons served) — biggest input gap

  • Current (known): Helpany "Paul" resident-safety sensors — ceiling radar fall/motion detection, no camera, no microphone; rolling out floor by floor.
  • >> NEEDED — full resident-facing inventory: nurse-call / emergency-call / pendant system? hearing loops or assistive listening? adaptive/accessible computers or devices? resident/guest Wi-Fi for telehealth or family contact? Anything else residents use to maintain function/independence.
  • Possible vendor: Helpany / [nurse-call vendor?] — >> NEEDED <<
  • Responsible person: >> NEEDED << · Cost: >> NEEDED << (vendor-billed) · Target date: >> NEEDED << · Completion: Helpany in rollout

7. Disaster recovery preparedness

  • Current: documented power-outage runbook with scripted clean shutdown and verified recovery (June 2026); UPS protection; backup running.
  • Unmet / projected needs: written DR/business-continuity plan with target recovery times (RTO/RPO); add server redundancy; complete the system-image backup + restore test (links to area 5).
  • Possible vendor: Az Computer Guru.
  • Responsible person: >> NEEDED << (suggest ACG) · Cost: [ACG TO PRICE] · Target date: >> NEEDED << · Completion: procedure proven; written plan pending

8. Virus protection — close before survey if possible

  • Current: managed antivirus (Bitdefender) on endpoints; Microsoft Defender + email filtering.
  • Unmet / projected needs: enroll the main server and all remaining PCs into managed antivirus; remove the previous IT provider's leftover security agents; run a coverage audit so every device reports in.
  • Possible vendor: Az Computer Guru / Bitdefender.
  • Responsible person: >> NEEDED << (suggest ACG) · Cost: [ACG TO PRICE] (per-endpoint) · Target date: >> NEEDED << · Completion: pending

(Extra, not CARF-required) Communication technology / Services & contracts / Use of AI

  • Ashley's list also included these. We will carry them as supplementary sections (phones + Wi-Fi device network; vendor/contract register; an AI acceptable-use policy). No CARF fields required, but the AI-use policy strengthens the Security area. >> confirm you want these kept <<

Part 5 — Supporting evidence the surveyor may also request (status)

Evidence Status
DR procedure tested + documented Have (June outage runbook + verified recovery)
Backup running + successful test restore Backup verified; restore test owed
Security risk assessment (dated) Substance exists (HIPAA gap list); package + date it
Confidentiality controls in place Have (access model, MFA, isolation); audit logging pending
Antivirus coverage all devices Gap (server + cleanup)
Plan reviewed annually w/ sign-off To create (Part 1 governance block)

Part 6 — Cost estimates (verified via live web lookup 2026-06-24)

Per ACG policy these are verified against current vendor/retail pricing, not estimated from memory. Sources cited below the table. "ACG labor" draws the prepaid block (48.25 hrs @ $175/hr) unless quoted as a separate project.

Item Area Qty Cost (verified) Notes
R610 redundant power supply (refurb, RN442 717W) Hardware / DR 1 ~$99 one-time Restores lost PSU redundancy; cheap, do soon
Enterprise SSD 480 GB (Samsung PM893) Hardware 2 ~$320350 (already purchased) Sunk cost; planned install on a maintenance window
M365 Business Premium relicense (31 users) Software 31 likely $0 new spend Our records show 31 Premium seats already owned + free; reassign the 31 suspended-Standard users to them and drop Standard. If those seats are NOT a paid subscription: $22/user/mo = $682/mo (~$8,184/yr). Verify subscription status.
Windows Home → Pro upgrade Software 5 ~$495 (~$99/device; ACG to source via CSP, may be lower) Howard handling keys
Replacement workstations (OptiPlex i5 / 16 GB / 512 NVMe, Win 11 Pro) Hardware 2 ~$1,4001,900 (~$700950 ea) Lupe Sanchez EOL + spare for new hire (#32194)
Break-glass FIDO2 YubiKeys (5-series) Confidentiality 2 ~$110 (already ordered per records) Approximate
Azure audit-log retention (Log Analytics 90 d + 6 yr archive) Security ~$50120/mo consumption (log-volume dependent) + one-time ACG build Firm up after measuring actual audit-log volume
Managed antivirus, all devices incl. server Virus protection Included in existing ACG Bitdefender managed security + ACG labor to enroll server / remove legacy Datto agents Client (Mike) is deploying AV
DR written plan + system-image confirm + restore test DR ACG labor (prepaid block) Restore test deferred per client (revisit after AV + basic items)
Security risk assessment (dated package) + file-share audit logging Security ACG labor (prepaid block); no license cost
Long-term server replacement (PowerEdge T360-class) Hardware / DR 1 ~$4,0007,000 configured (formal quote required) Depends on spec + Windows Server licensing + CALs; separate project

One-time hardware/licensing subtotal (excludes the optional server replacement): ~$2,3002,950, of which ~$320350 (the SSDs) is already spent. Plus ~$50120/mo Azure. The server replacement is a separate ~$47k project to quote when you're ready.

Pricing sources (2026-06-24): M365 Business Premium $22/user/mo · M365 July 2026 price changes (Premium unchanged) · Samsung PM893 480 GB ~$160175 · Windows 11 Home→Pro upgrade ~$99 · Azure Log Analytics $2.30/GB ingest, ~$0.10/GB/mo retention, ~$0.02/GB/mo archive · Dell R610 717W redundant PSU refurb ~$99 · Dell PowerEdge T360 tower (from ~$1,900 base) · Dell OptiPlex business desktop i5/16 GB


What we do once you return this

  1. Build the final CARF Technology and System Plan (Cascades-branded, ACG as preparer) in CARF action-document format, complete with your owners/costs/dates.
  2. Package the security risk assessment + DR plan as named attachments.
  3. Deliver as a print-ready PDF for leadership adoption and the survey file.