ONC Issues Guides for SAFER EHRs

By Dean F. Sittig, PhD; Joan S. Ash, PhD, MLS, MBA; and Hardeep Singh, MD, MPH

Electronic health records (EHRs) have tremendous potential for improving healthcare quality and safety. However, as EHRs become more complex and interconnected with several different computer systems, health information management (HIM) related activities become more challenging. The potential for EHR-related safety concerns also increases dramatically.

The rapid growth of EHR adoption introduces EHR-related risks across a wide variety of healthcare settings—many of which have limited resources for patient safety.1 In these newly created EHR-enabled healthcare systems, there is a need for accessible, flexible tools to help facilities and practices ensure the continued availability, integrity, and confidentiality of their medical records as well as the overall safety of their EHR implementations. To help with this effort, the Office of the National Coordinator for Health IT (ONC) sponsored the development of the Safety Assurance Factors for EHR Resilience (SAFER) guides. This paper, written by the three authors of the SAFER guides, describes the relevance of these guides for HIM professionals.

SAFER Guides Aim to Reduce Risk

Following the release of the 2012 Institute of Medicine report Health IT and Patient Safety: Building Safer Systems for Better Care, ONC contracted with research corporation Westat and the authors of this paper to form the SAFER team that would develop self-assessment guides that help organizations proactively detect and reduce patient safety risks associated with EHRs.2 The resulting products, known as the SAFER guides, address two foundational aspects of EHR implementation and use, three areas of the computing infrastructure, and four clinically focused, error-prone processes (see Table 1 below) that were identified during the SAFER team’s research.3 The SAFER project was funded by ONC.

The guides are currently available for users to download at www.healthit.gov/policy-researchers-implementers/safer and are intended to help organizations self-assess their current practices against the SAFER recommended EHR practices. The self-assessment process, in addition to prompting changes to deficient practices or software, is designed to help all EHR-related stakeholders develop a shared understanding of the full capabilities and limitations of their health IT systems. This common understanding is essential for achieving and maintaining EHR system “resilience.”

Sociotechnical EHR Context Must Be Considered

A key premise of the SAFER project is that EHR-related safety risks emanate not just from the features and functions of the technology itself, but also from the sociotechnical context and culture in which these systems are implemented and used. Sociotechnical context means that it is not just the hardware and software required to run the EHR application that factor into creating and maintaining an up-to-date, accurate medical record, but also the workflow processes, people, policies, and other social and organizational factors. All of these factors combined must be managed to ensure health IT safety. Therefore understanding the risks of any EHR system requires knowledge of who uses the EHR, how the organization influences use of the EHR, and the rules that govern the organization and its users.

Even within healthcare systems that share a single common EHR across facilities or clinics, EHR risks may differ from site to site depending on factors such as the local culture, training practices, workflows, and policies.4 The SAFER guides are designed to take into account not only technical factors, but usability, social, and organizational factors as well. The content of the SAFER guides was determined by prior research performed by the SAFER team and others, plus new data related to EHR safety gathered in the field and through expert opinion to fill gaps. An expert panel and workgroup representing the fields of informatics, HIM, patient safety, quality improvement, risk management, human factors engineering, and usability contributed insight throughout development of the guides. Each guide (see Table 1) is devoted to a process or function that is both integral to healthcare operations and vulnerable to problems that may in turn affect patient safety.

Examples of SAFER Practices

Each of the SAFER guides consists of a checklist of 10 to 25 recommended practices that reflect basic tenets of safe and effective EHR implementation and use. The practices are organized according to six key principles, stating that clinical and administrative data and EHRs must be:

  • Available when and where they are needed
  • Only viewed by authorized users
  • Only modified by authorized users
  • Used correctly and completely throughout the organization
  • Must be designed and implemented to promote safe, effective, and efficient use
  • Must have mechanisms in place to monitor, detect, and report on the safety of the EHR

In order to provide the users of SAFER guides with background information to justify each practice’s importance, the practices are accompanied by a rationale. For example, one recommended practice within the Patient Identification Guide is to ensure that the information required to accurately identify the patient is clearly displayed on all computer screens, wristbands, and printouts. The rationale is that providing medical services to the wrong patient is one of the most common preventable sources of patient harm.5

In addition, the guides identify one or more examples of specific activities that an organization could undertake to implement a recommended practice. For example, all computer-based displays incorporate the patient’s last name, first name, date of birth (with calculated age), gender, medical record number, in-patient location (or home address), a recent photograph (recommended), and the responsible physician (optional) to facilitate correct patient identification. Finally, the guides offer a planning worksheet for each recommended practice so that a multidisciplinary team assessing EHR safety within its organization can note which recommendations need attention and how they will be addressed over time.

Table 1: Overview of the organization and content of the Safety Assurance Factors for EHR Resilience (SAFER) Guides

Foundational Guides

High Priority Practices – Recommendations determined to be “high risk” and “high priority.” This guide can be used by organizations to help them assess where they should concentrate their EHR safety improvement efforts.

Organizational Responsibilities – Recommendations related to activities, processes, and tasks that people must carry out to ensure safe and effective EHR implementation and use.

Infrastructure Guides

Clinical Process Guides

Contingency Planning – Recommendations for preparations that should be completed before the EHR experiences a hardware, software, or power failure.

Patient Identification – Recommendations for creating new patient records in the EHR and patient registration and retrieval of information on existing patients.

System Configuration – Recommendations related to the physical environment in which the EHR will operate, as well as the infrastructure required to run the EHR.

Computerized Provider Order Entry with Decision Support – Recommendations for electronic ordering of medications and diagnostic tests and point-of-care clinical decision support.

System Interfaces – Recommendations for processes that enable the physical and logical connection of different hardware devices and software so they can share information.

Test Results Reporting and Follow-up – Recommendations regarding delivery of test results to the appropriate providers.

Clinician Communication – Recommendations regarding consultations or referrals, discharge-related communications, and patient-related messaging between clinicians.

SAFER Roadmap to Strengthen Partnerships

The examples provided for each recommended practice are illustrative rather than prescriptive. Notably, in many cases the SAFER team did not obtain consensus from the experts they consulted on exactly how to implement these recommendations. In fact during the early development of the guides, the authors received feedback that their recommendations were too specific. The recommendations are therefore written in general terms, and the selected examples are meant in part to stimulate thought about how organizations can implement recommended practices within their unique contexts. Over time, the SAFER team anticipates that users will provide additional examples that better reflect the spirit of specific recommendations within their settings.

The SAFER guides exist today as “Version 1.0” and are meant to be only the beginning of a meaningful conversation on patient safety in EHR-enabled healthcare environments. Although the SAFER team expects the content of the guides to evolve and become more customizable to a variety of settings, the overarching goal of this project was to create evidence-based documents to help unite stakeholders, including the health IT vendor community, in collective self-reflection focused on what is best for patients.

The team’s intent is not to prescribe regulations, policies, or guidelines, but rather offer a roadmap for strengthening existing partnerships among various parties whose ultimate goal is safe and reliable healthcare. For example, the SAFER guides provide direction to healthcare organizations about certain practices they could expect to collaborate with their vendors on to improve safety. The SAFER team acknowledges that, for some vendors, these recommendations may entail the development of new EHR functionality or software enhancements. Likewise, healthcare organizations that follow these recommendations may discover a need for more formal mechanisms of self-reporting and governance related to safe and effective EHR implementation and oversight. Increased safety requires innovation, however, and the current status quo will not improve standards of patient safety unless new functionalities and practices evolve.

Whereas some users might find the guides too detailed, or their guidance too time- and resource-intensive, others have expressed concern that the recommendations are too general and broad. In the SAFER team’s first effort to meet the needs of many types of users, they attempted to balance general guidance against more illustrative and detailed examples of potentially successful practices.

HIM Professionals Must Help Create a SAFER EHR

HIM professionals will likely find almost all the guides useful, and should especially focus on the Patient Identification Guide since accurate patient identification is essential to any safe and effective health record keeping system, according to the SAFER team. The Organizational Responsibilities Guide should also be of particular interest to HIM because it highlights many of the evolving skills, knowledge, and competencies required to create high-quality, electronically maintained health records. Finally, HIM professionals will need to work closely with their colleagues in information technology (IT) during the contingency planning process. As organizations transition from paper-based to electronic-based and maintained records, organizations must ensure that many of the fruitful lessons that have been learned regarding long-term storage and retrieval of health records are adapted and passed on to all of the professionals, including IT, now entrusted with them.

Use of the SAFER guides is intended to stimulate implementation of recommended practices and sustain those already present, with an ultimate goal of increasing patient safety.6 When assessing EHRs at repeated intervals (i.e., initially, annually, and when changes are made), users of the guides can establish a baseline for measuring the effect of patient safety interventions.

The guides were designed to be applicable to ambulatory physician practices and other outpatient settings, not just hospitals and large academic health centers. The SAFER team anticipates that these guides will be useful tools in ongoing patient safety and risk management programs, allowing various stakeholders to address new risks that arise in EHR-enabled healthcare settings. Over time the SAFER team hopes the guides are refined and that new guides are developed to address additional clinical processes, such as clinical documentation. HIM professionals can be especially helpful in future guide development as well as in the self-assessments conducted by their organizations.


  1. Wright, Adam et al. “Early results of the meaningful use program for electronic health records.” New England Journal of Medicine 368, no. 8 (February 21, 2013): 779-780.
  2. Institute of Medicine. Health IT and Patient Safety: Building Safer Systems for Better Care. Washington, DC: The National Academies Press, 2012.
  3. Singh, Hardeep, Joan Ash, and Dean F. Sittig. “Safety Assurance Factors for Electronic Health Record Resilience (SAFER): Study Protocol.” BMC Medical Informatics and Decision Making. April 2013.
  4. Laxmisan, Archana et al. “Effectiveness of an Electronic Health Record-based Intervention to Improve Follow-up of Abnormal Pathology Results: a Retrospective Record Analysis.” Medical Care 50, no. 10. 2012.
  5. Joffe, Erel et al. “Matching Identifiers in Electronic Health Records: Implications for Duplicate Records and Patient Safety: Records and Patient Safety.” BMJ Quality and Safety in Health Care 22, no. 3. (March 2013): 219-24.
  6. Sittig, Dean F. and Hardeep Singh. “Electronic Health Records and National Patient-Safety Goals.” New England Journal of Medicine 367, no. 19 (November 2012): 1854-1860.

Dean F. Sittig (dean.f.sittig@uth.tmc.edu), is a professor of biomedical informatics at the University of Texas Health Science Center at Houston. Joan S. Ash (ash@ohsu.edu) is professor and vice chair in the department of medical informatics and clinical epidemiology at Oregon Health & Science University. Hardeep Singh (hardeeps@bcm.edu), is chief of the health policy, quality, and informatics program at the VA Health Services Research and Development Center for Innovations in Quality, Effectiveness and Safety and an associate professor of medicine at Baylor College of Medicine.

Article citation:
Sittig, Dean F; Ash, Joan S; Singh, Hardeep. "ONC Issues Guides for SAFER EHRs" Journal of AHIMA 85, no.4 (April 2014): 50-52.