• Be SAFER: ONC Updates Cyber Tips for Health Care Companies
  • May 2, 2017 | Authors: Cindy M. Amedee; John P. Murrill; Marc S. Whitfield
  • Law Firm: Taylor, Porter, Brooks & Phillips, L.L.P. - Baton Rouge Office
  • The Office of the National Coordinator for Health IT, at healthit.gov, has updated two of its SAFER (Safety Assurance Factors for Electronic Health Record Resilience) guides. These two guides - "Test Results Reporting and Follow Up" and "Contingency Planning" - give guidance on improving communication of abnormal results to patients and tips for the prevention and mitigation of ransomware, as well as advice about managing system downtimes in the event of a cyber attack.

    The SAFER guides were originally published in 2014 as a series of nine guides for health care providers to assess and remediate Electronic Health Records (EHR) vulnerabilities and optimize use of electronic health records to ensure patient safety. The evolution of health care and clinical technology since then have made these updated guides necessary, said ONC Chief Medical Information Officer Andrew Gettinger, MD, in an interview with HealthCare IT News.

    The updates were made based on feedback and experiences of health care providers and EHR developers, as well as recommendations from the Electronic Health Record Association, the National Quality Forum, the National Academy of Medicine, and the American Medical Informatics Association.
    • "Test Results Reporting and Follow-Up" - Identifies recommended practices intended to help providers develop processes for the safe use of EHR technology for the electronic communication and management of diagnostic test results.
    • "Contingency Planning" - Adds practices for prevention and mitigation of ransomware attacks as well as new recommendations about dealing with unplanned downtime, which is when an EHR system is unexpectedly partially or completely unavailable.
    The SAFER Guides are organized into three broad groups - foundational guides, infrastructure guides, and clinical process guides. Each of the nine SAFER Guides contains expert recommendations, checklists, and templates for provider teams to self-examine the safety and usability of their own EHR systems. Other guides include "High Priority Practice," "System Interfaces," "Computerized Provider Order Entry with Decision Support," "Clinician Communication," "Organizational Responsibilities," "System Configuration," and "Patient Identification."

    In addition to these guides, the ONC has created a "Health IT Playbook" to help small, medium-sized and large health care practices as they invest in health information technology best practices to improve value and quality in health care services. This Playbook is also designed to help each member of the care team - including administrators and physician practice owners, clinicians and practitioners, and practice staff - understand their role in leveraging health IT.