How Hospitals Should Approach EHR Self-Assessment, ONC SAFER Guides

Identify the SAFER Assessment Team

Hospitals should assemble a multidisciplinary team of eight to 15 people, including clinical, administrative, and health IT representatives, to complete the assessment.

Team expertise should represent strong knowledge of clinical, technical, and administrative EHR functionality, prior work with vendors, and patient safety. The authors also noted that hospitals should give team members dedicated time to review SAFER guide recommendations and participate in meetings.

Determine Which Recommendations Require EHR Vendor Action or Attestation

Adherence with several SAFER practices require shared responsibility between the EHR vendor and the hospital, the authors pointed out. Additionally, the need for vendor responsibility may be even greater in certain types of hospitals.  

“For example, in hospitals using a remote, cloud-hosted EHR with limited local configuration capabilities, the vendor bears substantial responsibility for attestation compared with hospitals using on-premise database and application servers and considerable local customizations or configurations,” the authors explained. “Smaller, rural, and critical access hospitals may need additional external support.”

The EHR vendor should also complete an annual assessment and attest that its product is able to meet each of the SAFER recommendations.

“The hospital should obtain a copy of the vendor’s annual SAFER assessment along with an attestation that it is complete, correct, and current,” the authors said.

“Hospitals also should review and maintain a copy of the vendor’s EHR implementation guide to learn how the hospital can configure the EHR to meet the SAFER recommendations,” they added. “If such a guide is unavailable, hospitals should encourage their vendor to create one.”

Meet Synchronously and Asynchronously

The authors emphasized that assessing the implementation status of each SAFER practice requires substantial breadth and depth of knowledge that no individual person is likely to have.

“To create a shared understanding and collective responsibility for practices, hospitals should use a mix of in-person and virtual meeting strategies along with asynchronous follow-up methods to ensure progress,” they suggested.

“Meetings could involve a series of one- to two-hour biweekly sessions with each focused on a particular guide; whereas asynchronous work could facilitate getting a variety of inputs on how well a practice has been implemented,” the authors continued.

For instance, one hospital system used an online survey which allowed team members to rate the implementation status of specific SAFER recommendations. The survey also allowed team members to write comments outlining context and next steps.

Document and Communicate Implementation Status

To show evidence of self-assessment, hospitals should maintain comprehensive documentation of:

• SAFER assessment team members and their roles
• Meeting date(s) and guides reviewed
• Meeting participants and their roles
• A summary of responses to items in each guide
• Contact information of people responsible for providing the information

The authors noted that if the team’s opinions differ about recommendations, they should include evidence to adjudicate their status in the assessment. Evidence may include email correspondence, hardware or service contracts, excerpts from the vendor’s help or system configuration manuals, screen printouts, or the vendor’s SAFER attestation documentation.

Once the team completes the assessment, they should present findings to the hospital’s governance board.

Prioritize and Address Unmet SAFER Recommendations

Lastly, hospitals should use the assessment to identify areas of improvement.

“Actions to move a single recommendation from not implemented to fully implemented can take considerable time and effort,” they said. “While there is no CMS mandate that recommends that practices be fully implemented, hospitals are increasingly striving for zero harm and high reliability and should make every effort to proactively mitigate risks.”

Hospitals should prioritize the implementation of practices that affect large numbers of patients, present the greatest safety risk, or closely align with existing organizational priorities, the article suggested.