Safety Assurance Factors for EHR Resilience Guides (SAFER Guides) were developed and released by the ONC in 2014 and updated in 2016. This series of nine user guides support healthcare organizations in their ability to address EHR safety. Collectively, the SAFER Guides help healthcare organizations conduct self-assessments to optimize the safety and safe use of EHRs in three areas – Foundational, Infrastructure and Clinical Process. The SAFER Guides are intended to be used by EHR users, developers, patient safety organizations, and those who are concerned with optimizing the safe use of Health IT.
How do SAFER Guides self assessments help my organization?
By completing a self-assessment using the SAFER Guides, providers can help develop a “culture of safety” within their organizations and ensure they are responsible operators of technology tools, including certified health IT products, which they use in the delivery of care.
Is my organization required to complete a SAFER Guides assessment?
On August 13, 2021 CMS issued the final rule for fiscal year (FY) 2022 Medicare Hospital Inpatient Prospective Payment System (IPPS) and Long-Term Care Hospital (LTCH) Prospective Payment System (PPS). The final rule updates Medicare payment policies and rates for operating and capital-related costs of acute care hospitals and for certain hospitals and hospital units excluded from the IPPS for FY 2022. Under the rule, a new “SAFER Guides Measure” has been added to the Protect Patient Health Information objective.
Hospitals must attest to having completed an annual assessment of all nine guides in the SAFER Guides measure.
What are the Medicare Promoting Interoperability Program attestation requirements for the SAFER Guides measure?
For Calendar Year (CY) 2022, this measure requires an eligible hospital or CAH to attest to having conducted an annual self-assessment of all nine SAFER Guides at any point during the calendar year in which the EHR reporting period occurs. The measure will be a “yes” or “no” requirement, but it will not be scored, and it will not affect the total score for the Medicare Promoting Interoperability Program.
How is a SAFER Guides assessment completed?
In order to complete a self-assessment of the SAFER Guides, CMS expects that each eligible hospital or CAH will complete the checklist of recommended practices included at the beginning of each SAFER Guide. Following the checklist, a practice worksheet provides the rationale for, and examples of, how to implement each recommended practice, along with likely sources of input into the assessment of each practice, and fillable fields to record follow-up actions.
Where can I find the SAFER Guides assessment tools?
The SAFER Guides assessment tools and additional information are available HERE.
Is my organization still required to conduct a Security Risk Assessment (SRA)?
A security risk assessment must be conducted by all covered entities per the HIPAA Security Rule, regardless of participation in the Medicare Promoting Interoperability Program. If participating in the Medicare Promoting Interoperability Program, eligible hospitals or CAHs must attest to having completed both an SRA and a SAFER Guides assessment.
Federal Register Final Rule
Call 859-323-3090 or email Kentucky REC our HIPAA Privacy and Security experts with your questions. We’re here to help.