Skip to content

Preparing For Your First SAFER Guides Self-Assessment

Mar 30, 2022

An effective and well-maintained EHR (electronic health record) system plays a key role in the success of health care organizations delivering optimized care to their patients. As technology advances and allows for a more streamlined care delivery process for patients and providers alike, the margin for EHR safety errors, whether they’re human or systematic, continues to decrease.

To continue driving forward EHR and information security safety in patient care, the Center for Medicare & Medicaid Services (CMS), announced that in the 2022 financial year, healthcare organizations are now required to attest to the completion of an annual self-assessment of their EHR systems.

The self-assessment, known as the SAFER Guides, was originally developed as a voluntary tool in 2014 to encourage best practices and protect both patients and providers from EHR-related harm and malpractice. The nine-part guide consists of checklists and worksheets in cross-functional areas to help health care organizations coordinate with their stakeholders (clinical leadership, IT, EHR vendor) to improve technology and information security measures for their EHR systems. All nine SAFER guides and their contents can be downloaded from

Here, we’ll break out what each category means, as well as give a few examples of how healthcare organizations can attest to stress-free self-assessment.

1. High Priority Practices

The SAFER Guides classify high priority practices as the recommended systems and processes intended to optimize the safety and security of EHRs.

As the broadest category of the SAFER Guides, it addresses many details that are discussed further in depth in later categories, from covering how data is backed up, to ensuring there are procedure plans in place in the event a system goes down.

2. Organizational Responsibilities

Organizational responsibilities are the individual activities, tasks, and processes that go into safe use of EHRs. This checklist includes prompts and worksheets in relation to the specific parties who regularly test, monitor, and report their EHR systems, such as clinicians, staff members, and developers.

Creating and implementing a clear EHR-related hazard reporting process that is assessable to all users, regardless of their access level within the software, can help reduce risk for this category.

3. Contingency Planning

In any case where users may stand to lose access to your EHR system, whether it’s because of a power outage, software failure, or regular maintenance, the SAFER Guides require you to have contingency plans in place. This section covers what health care organizations need to have prepared in case of emergency, from up-to-date software and hardware backups to ensuring you have paper data entry procedures ready if systems do fail.

It’s imperative that clinicians can care for patients and continue critical business operations in the event of an EHR outage. Consider having a written policy that is updated every two years on the proper procedures, and a process for periodically practicing emergency preparedness drills for EHR downtimes to keep everyone on the same page.

4. System Configuration

This category covers subjects related to implementation and configuration, as well as regular maintenance for EHR systems. No matter who your vendor is, failure to update, test, and maintain your system and its user content can result in significant risk and degradations in performance.

The different types of content (checklists, documents, and forms) your EHR system leverages drive significant parts of the end-user experience and are critical for day-to-day business. We recommend control configurations that are routinely updated and tested to avoid a significant degradation in operating effectiveness.

5. System Interfaces

This section outlines safety practices that are intended to foster the safe use of system-to-system integrations and interfaces with other software systems you use alongside your EHR program. These integrations can be very complex and oftentimes not even visible to your users when it comes to communication and information sharing.

When a new system is integrated into your application stack, look for ways to test that all information is correctly transmitted for completeness, clarity, and timeliness. For example, in the first few weeks of using a newly integrated system, ensure your staff are also communicating in person or over the phone to confirm all information that comes through is correct, interpreted in the right way, and in a timely manner.

6. Patient Identification

The Patient Identification SAFER Guide goes over best practices associated with the reliable identification of patients in your EHR system. Steps should be taken to ensure that any user operating your EHR to care for a patient is addressing the correct patient and the information is up to date. It’s crucial that all identifying information, whether it be displayed on a computer screen, wristband, or printout is accurate. Having proper policy and surveillance can prevent patient identification errors.

We recommend integrating automated controls where new records cannot be entered without the following fields, to ensure all patients in your system have sufficient information. This includes:

  • Last name, first name, date of birth (with calculated age)
  • Gender
  • Medical record number
  • In-patient location (or home address or ZIP code)
  • Recent photograph (recommended)

7. Computerized Provider Order Entry with Decision Support

The Computerized Provider Order Entry with Decision Support SAFER Guides call out specific practices associated with computerized provider order entry (CPOE) and clinical decision support (CDS). Whether your EHR system offers these solutions, or they’re integrated through another application, these are important processes in the clinical decision-making workflow.

Well designed and maintained CPOE and CDS systems can help with reducing some of the most common errors that harm patients. Consider streamlining the process and building consistency by creating standardized order sets for the 10 most common clinical conditions (e.g., management of chest pain), procedures (e.g., insulin administration and monitoring), and clinical services (e.g., admission to labor and delivery) you see on a day-to-day basis.

8. Test Results Reporting and Follow-Up

This category focuses on the secure reporting and communication of diagnostics test results within your EHR system. The communication of test results is already a process that leaves little room for error, so healthcare organizations need to ensure that data is being sent securely and delivered to the intended recipients.

When test results are “lost in the system,” there is a danger that there will be no follow-up, posing a significant risk of missed or delayed diagnosis. Consider monitoring master files to ensure the integrity of the information such as communication loop closure with the ordering providers is accurate and synchronized.

9. Clinician Communication

Clinician Communication covers the proper procedures for communication between clinicians in relation to anything with your EHR system. Providers already rely on technology to communicate with each other, and a well configured EHR system provides an opportunity to improve this process.

Problems related to delayed acknowledgment of clinician-to-clinician messages may go unnoticed if monitoring systems are not in place and checked regularly. Consider making EHR messages with critical or urgent information are made visually distinct and areable to be sorted by urgency. This allows critical information being communicated between clinicians to stand out among other messages that may have a lower level or urgency.

Once a voluntary tool, the now required SAFER Guides are in place to reduce patient harm and improve safety through your EHR system. An independent self-assessment of your EHR system can be critical to staying compliant as these new SAFER guides become standard practice. If you’re preparing to conduct your first self-assessment, the team at EisnerAmper is available to ensure the process goes as smoothly as possible.

Is your organization ready to attest to the SAFER Guides?

What's on Your Mind?

Start a conversation with the team

Receive the latest business insights, analysis, and perspectives from EisnerAmper professionals.