Skip to content
a close-up of a key

130 Reasons Why MIPS Providers Should Assess all Nine SAFER Guides

Jan 29, 2024

The healthcare sector has recently faced seismic changes that have greatly impacted daily operations. With evolving technology and risks, it’s vital for organizations to stay updated on standards and regulations to ensure the safety of patients and solvency of providers. 

The Centers for Medicare and Medicaid Services (“CMS”) has identified 165 recommended practices for hospitals, health care organizations, and providers to assess the safety and safe use of Electronic Health Records (“EHRs”). As of January 1, 2024, CMS is also levying downward payment penalties for organizations that do not assess the recommended practices within the following Safety Assurance Factors for EHR Resilience (“SAFER”) Guides: 

  • High Priority Practices  
  • Organizational Responsibilities  
  • Contingency Planning  
  • System Configuration  
  • System Interfaces  
  • Patient Identification  
  • Computerized Provider Order Entry with Decision Guide Support  
  • Test Results Reporting and Follow Up  
  • Clinical Communication 

SAFER Guide structure 

The SAFER Guides break down recommended practices into three major groupings: Foundational Guides, Infrastructure Guides, and Clinical Process Guides. Within each SAFER Guide, recommended practices are further broken down into three domains: Safe Health IT, Using Health IT Safely, and Monitoring Safety. Each SAFER Guide contains practice worksheets for each recommended practice that provide Rationale for [the] Practice or Risk Assessment, Suggested Sources of Input, and Examples of Potentially Useful Practices/Scenarios.  

The first guide, High Priority Practices SAFER Guide recommends “safety practices intended to optimize the safety and safe use of EHRs. [The HPP SAFER Guide] broadly addresses the EHR safety concerns discussed in greater detail in the other eight SAFER Guides.” 

For calendar years 2022 and 2023, CMS permitted a “yes” or “no” response to fulfill the attestation requirement. However, for 2024, CMS requires eligible hospitals and critical access hospitals attest “yes” to completing the annual self-assessment using all nine SAFER Guides to satisfy program requirements. Attesting “yes” to the SAFER Guides means that a self-assessment has been completed. If an organization attests “no” or leaves the measure attestation blank, CMS will record that a participant has not completed the annual self-assessment and reduce payment accordingly. 

Attestation requirements for MIPS eligible providers  

Merit-Based Incentive Payment System (“MIPS”) eligible providers will also be required to attest “yes” to completing an assessment of the High Priority Practices (“HPP”) SAFER Guides. According to CMS, requiring attestation of the SAFER Guides from MIPS-eligible providers is meant to encourage clinicians to annually “assess their progress and status on important facets of patient safety, including certified electronic health record technology implementation and effectiveness, [to identify] vulnerabilities and [develop] a ‘culture of safety’ within their organization.” 

Mapping recommended practices from the remaining SAFER Guides to the High Priority Practices SAFER Guide 

Although MIPS providers only need to attest to assessing the first SAFER Guide, providers and health care organizations should not disregard the other eight SAFER Guides.  

Of the other 147 recommended practices from SAFER Guides 2 through 9, 130 recommended practices directly provide further context to and/or support for the 18 recommended practices from the HPP SAFER Guide. 

A table illustrating the mapping of recommended practices from the other eight SAFER Guides to the HPP SAFER Guide is below:  

# High Priority Practices Recommended Practices in Guides 2-9 Mapped
1.1 Data and application configurations are backed up and hardware systems are redundant.  4
1.2 EHR downtime and reactivation policies and procedures are complete, available, and reviewed regularly.  14
1.3 Allergies, problem list, diagnostic tests are entered/stored using standard, coded data elements in the EHR.  5
1.4 Evidence-based order sets/charting templates are available for common conditions, procedures, and services.  2
1.5 Interactive clinical decision support features and functions are available and functioning.  27
1.6 Hardware/software modifications and interfaces are tested to ensure data is not lost or incorrectly entered.  16
1.7 Clinical knowledge, rules, logic embedded in the EHR are reviewed/addressed regularly/when changes occur.  5
Policies and procedures ensure accurate patient identification at each step in the clinical workflow. 
2.1 Information required to accurately identify the patient is clearly displayed on screens and printouts. 6
2.2 Human-computer interface is easy to use/designed to ensure that info is visible, readable, and understandable. 16
2.3 The status of orders can be tracked in the system.  7
2.4 Clinicians are able to override computer-generated clinical interventions when they deem necessary.  2
2.5 The EHR is used for ordering medications, diagnostic tests, and procedures.  14
2.6 Knowledgeable people are available to train, test, and provide continuous support to clinical EHR users.  6
2.7 Pre-defined orders have been established for common meds and diagnostic (laboratory/radiology) testing.  5
3.1 Key EHR safety metrics related to the organization are monitored.  16
3.2 EHR-related patient safety hazards are reported to all responsible parties, steps are taken to address them.  7
3.3 Activities to optimize the safety and safe use of EHRs do include clinician engagement.  9


In the Examples of Potentially Useful Practices/Scenarios for each recommended practice in the HPP SAFER Guides, there is specific instruction to refer to other specific SAFER Guides for additional related recommended practices.  

For example, High Priority Practices SAFER Guide Recommended Practice 1.1 (Data and application configurations are backed up and hardware systems are redundant) advises assessors to “see the Contingency Planning [SAFER] Guide for related recommended practices.” 

The Contingency Planning SAFER Guide includes numerous recommended practices that provide further context to the HPP Recommended Practice 1.1 including:  

  • Contingency Planning SAFER Guide 1.1 – Hardware that runs applications critical to the organization’s operation is duplicated.
  • Contingency Planning SAFER Guide 1.4 – Patient data and software application configurations critical to the organization’s operations are backed up.
  • Contingency Planning SAFER Guide 2.4 – The user interface of the locally maintained backup, read-only EHR system is clearly differentiated from the live/production EHR system.  

Another example of a direct reference is High Priority Practices SAFER Guide Recommended Practice 1.3 (Allergies, problem list entries, and diagnostic test results, including interpretations of those results, such as “normal” and “high,” are entered/stored using standard, coded data elements in the EHR). Under the Examples of Potentially Useful Practices/Scenarios for the practice, assessors are advised to consult two other SAFER Guides: The Computerized Provider Order Entry with Decision Support SAFER Guide and Test Results Reporting and the Test Results Reporting and Follow-Up SAFER Guide, which include numerous recommended practices that provide further context to the HPP Recommended Practice 1.3, including:  

  • Computerized Provider Order Entry with Decision Support SAFER Guide 1.1 – Coded allergen and reaction information (or no known allergies [“NKA”]) are entered and updated in the EHR prior to any order entry.
  • Test Results Reporting and Follow-Up SAFER Guide 1.1 – Test names, values, and interpretations (i.e., outside of normal reference ranges) for laboratory results are stored in the EHR as structured data using standardized nomenclature.
  • Test Results Reporting and Follow-Up SAFER Guide 1.2 – Predominantly test-based test reports (e.g., radiology or pathology reports) have a coded (e.g., abnormal/normal at a minimum) interpretation associated with them.
  • Test Results Reporting and Follow-Up SAFER Guide 2.9 – Results outside normal reference ranges, or otherwise determined to be abnormal, are flagged (e.g., presented in a visually distinct way).
  • Test Results Reporting and Follow-Up SAFER Guide 2.10 – Display of results (e.g., numeric, text, graphic, image) should be easily accessible, clearly visible, not easily overlooked, and understandable. 

Furthermore, although not explicitly referenced, the other SAFER Guides include recommended practices that may provide further context to the HPP Recommended Practice such as:  

  • System Configuration SAFER Guide 1.1 – There are an adequate number of EHR access points in all clinical areas. 

This recommendation provides further context to HPP Recommended Practice 1.1 because it speaks to the redundancy of hardware and software. Having an adequate number of EHR access points (e.g., computers) speaks to the duplication of hardware systems, enabling redundancy and allowing for operations to continue in the event of a hardware failure.  

The 17 recommended practices in Guides 2-9 that do not map directly to the HPP SAFER Guide still are relevant for healthcare providers and organizations to maintain the safety and safe use of EHRs.  

For example, Recommended Practice 1.6 from the System Configuration SAFER Guide states: Computers and displays in publicly accessible areas are configured to ensure that patient identifiable data are physically and electronically protected. 

Although this recommended practice does not correspond to any of the 18 recommended practices within the HPP SAFER Guide, this recommended practice ensures patient privacy and confidentiality are maintained in alignment with other federal regulations such as HIPAA.

While CMS has only made assessment of the HPP SAFER Guide a requirement for eligible providers in 2024, all healthcare providers can benefit from reviewing all nine SAFER Guides and their corresponding recommended practices to reinforce a culture of safety within their practices and institutions. 

Is your organization ready to attest to the SAFER Guides?

What's on Your Mind?

a black and white logo

Karina Garcia

Karina Garcia is a Senior in the Health Care Services Group, providing advisory services to all sectors of the healthcare landscape.

Start a conversation with Karina

Receive the latest business insights, analysis, and perspectives from EisnerAmper professionals.