Be SAFER: ONC Updates Cyber Tips for Healthcare Companies

HealthIT.Gov's SAFER Guides Online

By Cindy Amedee, Marc Whitfield and John Murrill
​Partners, Taylor Porter

The Office of the National Coordinator for Health IT, at
healthit.gov, has updated two of its SAFER (Safety Assurance Factors for Electronic Health Record Resilience) guides. These two guides - "Test Results Reporting and Follow Up" and "Contingency Planning" - give guidance on improving communication of abnormal results to patients and tips for the prevention and mitigation of ransomware, as well as advice about managing system downtimes in the event of a cyber attack.

The SAFER guides were originally published in 2014 as a series of nine guides for healthcare providers to assess and remediate Electronic Health Records (EHR) vulnerabilities and optimize use of electronic health records to ensure patient safety. The evolution of healthcare and clinical technology since then have made these updated guides necessary, said ONC Chief Medical Information Officer Andrew Gettinger, MD,
in an interview with Healthcare IT News.

The updates were made based on feedback and experiences of healthcare providers and EHR developers, as well as recommendations from the Electronic Health Record Association, the National Quality Forum, the National Academy of Medicine, and the American Medical Informatics Association.

  • "Test Results Reporting and Follow-Up" - Identifies recommended practices intended to help providers develop processes for the safe use of EHR technology for the electronic communication and management of diagnostic test results.
  • "Contingency Planning" - Adds practices for prevention and mitigation of ransomware attacks as well as new recommendations about dealing with unplanned downtime, which is when an EHR system is unexpectedly partially or completely unavailable.


The SAFER Guides are organized into three broad groups — foundational guides, infrastructure guides, and clinical process guides. Each of the nine SAFER Guides contains expert recommendations, checklists, and templates for provider teams to self-examine the safety and usability of their own EHR systems. Other guides include "High Priority Practice," "System Interfaces," "Computerized Provider Order Entry with Decision Support," "Clinician Communication," "Organizational Responsibilities," "System Configuration," and "Patient Identification."

In addition to these guides, the ONC has created a "Health IT Playbook" to help small, medium-sized and large healthcare practices as they invest in health information technology best practices to improve value and quality in healthcare services. This Playbook is also designed to help each member of the care team — including administrators and physician practice owners, clinicians and practitioners, and practice staff — understand their role in leveraging health IT.

​For more information about these guides and other healthcare legal issues that affect your business, please do not hesitate to contact our attorneys on
Taylor Porter’s Healthcare Practice Team.

Disclaimer & Privacy

This website is for general information purposes only. Information posted is not intended to be legal advice. For more information, please see our Disclaimer message.

Share this Post:

See how we can help. Contact us today

8th Floor • 450 Laurel Street • Baton Rouge, LA 70801 • 225-387-3221

  • Disclaimer
  • © Taylor, Porter, Brooks & Phillips L.L.P. All rights reserved.