High Priority Practices

1 of 26

SAFER Self Assessment | High Priority Practices

January 2014

SAFER

Safety Assurance Factors

for EHR Resilience

>Table of Contents >About the Checklist >Team Worksheet >About the Practice Worksheets

>Practice Worksheets

Self Assessment

High Priority Practices

General Instructions

for the SAFER Self Assessment Guides

The SAFER Guides are designed to help healthcare

organizations conduct self-assessments to optimize the

safety and safe use of electronic health records (EHRs) in

the following areas.

▪

High Priority Practices

▪

Organizational Responsibilities

▪

Contingency Planning

▪

System Conguration

▪

System Interfaces

▪

Patient Identication

▪

Computerized Provider Order Entry

with Decision Support

▪

Test Results Reporting and Follow-Up

▪

Clinician Communication

Each of the nine SAFER Guides begins with a Checklist

of “recommended practices.” The downloadable SAFER

Guides provide llable circles that can be used to indicate

the extent to which each recommended practice has been

implemented. Following the Checklist, a Practice Worksheet

gives a rationale for and examples of how to implement

each recommended practice, as well as likely sources of

input into assessment of each practice, and llable elds

to record team members and follow-up action. In addition

to the downloadable version, the content of each SAFER

Guide, with interactive references and supporting materials,

can also be viewed on ONC’s website at www.healthit.gov/

SAFERGuide.

The SAFER Guides are based on the best evidence available

at this time (2013), including a literature review, expert

opinion, and eld testing at a wide range of healthcare

organizations, from small ambulatory practices to large

health systems. The recommended practices in the SAFER

Guides are intended to be useful for all EHR users. However,

every organization faces unique circumstances and will

implement a particular practice differently. As a result, some

of the specic examples in the SAFER Guides for recommend-

ed practices may not be applicable to every organization.

The SAFER Guides are designed in part to help deal with

safety concerns created by the continuously changing land-

scape that healthcare organizations face. Therefore, changes

in technology, clinical practice standards, regulations and

policy, and associated industry practices should be taken into

account when using the SAFER Guides. Periodic self-assess-

ments using the SAFER Guides may also help organizations

identify areas in which it is particularly important to address

the implications of change for the safety and safe use of EHRs.

In some instances, Meaningful Use and/or HIPAA Security Rule

requirements are identied in connection with recommend-

ed practices. The SAFER Guides are not intended to be used

for legal compliance purposes, and implementation of a

recommended practice does not guarantee compliance with

Meaningful Use, HIPAA, or other laws. The SAFER Guides are

for informational purposes only and are not intended to be

an exhaustive or denitive source. They do not constitute

legal advice or offer recommendations based on a healthcare

provider’s specic circumstances. Users of the SAFER Guides

are encouraged to consult with their own legal counsel with

regard to compliance with Meaningful Use, HIPAA, and other

laws. For more information on Meaningful Use, please visit

the Centers for Medicare & Medicaid Services website at

www.cms.gov. For more information on HIPAA, please visit

the HHS Ofce for Civil Rights website at www.hhs.gov/ocr.

2 of 26

SAFER Self Assessment | High Priority Practices

SAFER

Safety Assurance Factors

for EHR Resilience

>Table of Contents >About the Checklist >Team Worksheet >About the Practice Worksheets

>Practice Worksheets

January 2014

Self Assessment

High Priority Practices

Introduction

The High Priority Practices SAFER Guide identies

“high risk” and “high priority” recommended safety

practices intended to optimize the safety and safe use

of EHRs. It broadly addresses the EHR safety concerns

discussed in greater detail in the other eight SAFER

Guides. Assembling a multi-disciplinary safety team is

recommended to complete this guide, as a team will

be best equipped to identify which EHR-related safety

practices should be addressed rst and which of the

other SAFER Guides to turn to next.

The potential benets of EHRs may not be fully

maximized unless the people responsible for their

implementation, maintenance, and use are prepared

for (and manage) the new challenges and risks they

create.

1-6

These new risks are both “social” (involving

people, leadership, workow, and policies) and

“technical” (involving EHR hardware and software and

system-to-system interfaces, congurations, upgrades,

and maintenance). This guide is designed to help the

people responsible for EHR safety in each specic

complex “sociotechnical” healthcare organization

focus on the most important safety challenges and risks

introduced by EHRs.

Completing the self-assessment in the High Priority

Practices SAFER Guide requires the engagement of

people both within and outside the organization (such

as EHR technology developers and diagnostic services

providers). Because this guide is designed to help

organizations prioritize EHR-related safety concerns,

clinician leadership in the organization should be

engaged to assess whether and how any particular

recommended practice affects the organization’s

ability to deliver safe, high quality care. Collaboration

between clinicians and staff members while completing

the self-assessment in this guide will enable an

accurate snapshot of the organization’s EHR status (in

terms of safety) and, even more importantly, should

lead to a consensus about the organization’s future

path to optimize EHR-related safety and quality:

setting priorities among the recommended practices

not yet addressed, ensuring a plan is in place to

maintain recommended practices already in place,

dedicating the required resources to make necessary

improvements, and working together to mitigate the

highest priority safety risks introduced by the EHR.

3 of 26

SAFER Self Assessment | High Priority Practices

SAFER

Safety Assurance Factors

for EHR Resilience

January 2014

>Table of Contents >About the Checklist >Team Worksheet >About the Practice Worksheets

>Practice Worksheets

Self Assessment

High Priority Practices

Table of Contents

General Instructions 1

Introduction 2

About the Checklist 4

Checklist 5

Team Worksheet 7

About the Recommended

Practice Worksheets 8

The SAFER Self Assessment Guides were developed by health IT safety researchers and informatics experts:

Joan Ash

, PhD MLS, MS, MBA, Professor and Vice Chair, Department of Medical Informatics and Clinical Epidemiology, School of Medicine,

Oregon Health & Science University;

Hardeep Singh, MD, MPH, Associate Professor of Medicine at the Michael E. DeBakey Veterans Affairs Medical Center and Baylor College of Medi-

cine and Chief of the Health Policy, Quality and Informatics Program at the Houston VA HSR&D Center of Excellence, and Director of the Houston VA

Patient Safety Center of Inquiry; and

Dean Sittig, PhD, University of Texas School of Biomedical Informatics at Houston, UT–Memorial Hermann Center for Healthcare Quality & Safety.

This guide was developed under the contract Unintended Consequences of Health IT and Health Information Exchange, Task Order HHSP23337003T/HHSP23320095655WC.

The ONC composite mark is a mark of the U.S. Department of Health and Human Services. The contents of the publication or project are solely the responsibility of the authors and do not necessarily represent

the ofcial views of the U.S. Department of Health and Human Services, Ofce of the National Coordinator for Health Information Technology.

4 of 26

SAFER Self Assessment | High Priority Practices

January 2014

SAFER

Self Assessment

High Priority Practices

About the Checklist

>Table of Contents >About the Checklist >Team Worksheet >About the Practice Worksheets

>Practice Worksheets

The Checklist is structured as a quick way to enter and print your self-assessment.

Your selections on the checklist will automatically update the related section

of the corresponding recommended practice worksheet.

The Phase associated with the Recommended Practice(s) appears at the top of

the column. Click on the link to access more information about the Phases and

Principles from the website.

Self Assessment

SAFER

5 of 17

Contingency Planning

SAFER Self Assessment | Contingency Planning

December xx, 2013

Checklist

>Table of Contents >About the Checklist >Team Worksheet >About the Practice Worksheets

>Practice Worksheets

Recommended Practices for Phase 1 — Safe Health IT

Hardware that runs applications critical to the

organization’s operation is duplicated.

Implementation Status

Fully

in all areas

Partially

in some areas

Not

implemented

reset

An electric generator and sufcient fuel are available

to support the EHR during an extended power outage.

Paper forms are available to replace key EHR functions

during downtimes.

Patient data and software application congurations

critical to the organization’s operations are backed up.

Policies and procedures are in place to ensure accurate

patient identication when preparing for, during,

and after downtimes.

Staff are trained and tested on downtime

and recovery procedures.

A communication strategy that does not rely on the

computing infrastructure exists for downtime and

recovery periods.

Written policies and procedures on EHR down-

times and recovery processes ensure continuity

of operations with regard to safe patient care and

critical business operations.

The user interface of the locally maintained backup,

read-only EHR system is clearly differentiated from

the live/production EHR system.

Worksheet 1

There is a comprehensive testing and monitoring

strategy in place to prevent and manage EHR down-

time events.

Worksheet 2

Worksheet 3

Worksheet 4

Worksheet 5

reset

Implementation Status

Fully

in all areas

Partially

in some areas

Not

implemented

reset

Recommended Practices for Phase 2 — Using Health IT Safely

Worksheet 6

Worksheet 7

Worksheet 8

Worksheet 9

reset

Implementation Status

Fully

in all areas

Partially

in some areas

Not

implemented

reset

Recommended Practices for Phase 3 — Monitoring Safety

Worksheet 10

The Recommended

Practice(s) for the

topic appear below

the associated Phase.

Select the level

of Implementation

achieved by your

organization for

each Recommended

Practice.

Your Implementation

Status will be

reected on the

Recommended

Practice Worksheet

in this PDF.

To the right of each Recommended Practice is a link

to the Recommended Practice Worksheet in this PDF.

The Worksheet provides guidance on implementing

the Practice.

Self Assessment

5 of 26

High Priority Practices

SAFER Self Assessment | High Priority Practices

January 2014

SAFER

Checklist

>Table of Contents >About the Checklist >Team Worksheet >About the Practice Worksheets

>Practice Worksheets

Implementation Status

Fully

in all areas

Partially

in some areas

Not

implemented

Implementation Status

Fully

in all areas

Partially

in some areas

Not

implemented

Recommended Practices for Phase 1 — Safe Health IT

Data and application congurations are backed up and

hardware systems are redundant.

Worksheet 1

reset

EHR downtime and reactivation policies and procedures

are complete, available, and reviewed regularly.

Worksheet 2

reset

Allergies, problem list entries, and diagnostic test

results (including interpretations of those results, such

as “normal” and “high”), are entered/stored using

standard, coded data elements in the EHR.

Worksheet 3

reset

Evidence-based order sets and charting templates are

available for common clinical conditions, procedures,

and services.

Worksheet 4

reset

Interactive clinical decision support features and

functions (e.g., interruptive warnings, passive

suggestions, or info buttons) are available

and functioning.

Worksheet 5

reset

Hardware and software modications and system-system

interfaces are tested (pre- and post-go-live) to ensure

data are not lost or incorrectly entered, displayed, or

transmitted within or between EHR system components.

Worksheet 6

reset

Clinical knowledge, rules, and logic embedded in the

EHR are reviewed and addressed regularly and whenever

changes are made in related systems.

Worksheet 7

reset

Policies and procedures ensure accurate patient

identication at each step in the clinical workow.

Worksheet 8

reset

Recommended Practices for Phase 2 — Using Health IT Safely

Information required to accurately identify the

patient is clearly displayed on screens and printouts.

Worksheet 9

reset

The human-computer interface is easy to use and

designed to ensure that required information is

visible, readable, and understandable.

Worksheet 10

reset

Self Assessment

6 of 26

High Priority Practices

SAFER Self Assessment | High Priority Practices

January 2014

SAFER

Checklist

>Table of Contents >About the Checklist >Team Worksheet >About the Practice Worksheets

>Practice Worksheets

Recommended Practices for Phase 2 — Using Health IT Safely

The status of orders can be tracked in the system.

Worksheet 11

Implementation Status

Fully

in all areas

Partially

in some areas

Not

implemented

reset

Clinicians are able to override computer-generated

clinical interventions when they deem necessary.

Worksheet 12

reset

The EHR is used for ordering medications, diagnostic

tests, and procedures.

Worksheet 13

reset

Knowledgeable people are available to train, test,

and provide continuous support for clinical EHR users.

Worksheet 14

reset

Pre-dened orders have been established for common

medications and diagnostic (laboratory/radiology)

testing.

Worksheet 15

reset

Recommended Practices for Phase 3 — Monitoring Safety

Key EHR safety metrics related to the practice/organization

are monitored.

Worksheet 16

Implementation Status

Fully

in all areas

Partially

in some areas

Not

implemented

reset

EHR-related patient safety hazards are reported

to all responsible parties, and steps are taken to

address them.

Worksheet 17

reset

Activities to optimize the safety and safe use of EHRs

include clinician engagement.

Worksheet 18

reset

Self Assessment

7 of 26

High Priority Practices

SAFER Self Assessment | High Priority Practices

January 2014

SAFER

Team Worksheet

>Table of Contents >About the Checklist >Team Worksheet >About the Practice Worksheets

>Practice Worksheets

reset page

A multidisciplinary team should complete this self-assessment and evaluate potential health IT-related patient safety risks addressed

by this specic SAFER Guide within the context of your particular healthcare organization.

This Team Worksheet is intended to help organizations document

the names and roles of the self-assessment team, as well as

individual team members’ activities. Typically team members

will be drawn from a number of different areas within your

organization, and in some instances, from external sources. The

suggested Sources of Input section in each Recommended Practice

Worksheet identies the types of expertise or services to consider

engaging. It may be particularly useful to engage specic clinician

and other leaders with accountability for safety practices identi-

ed in this guide.

The Worksheet includes llable boxes that allow you to document

relevant information. The Assessment Team Leader box allows

documentation of the person or persons responsible for ensuring

that the self-assessment is completed. The section labeled

Assessment Team Members enables you to record the names of

individuals, departments, or other organizations that contributed

to the self-assessment. The date that the self-assessment is

completed can be recorded in the Assessment Completion Date

section and can also serve as a reminder for periodic reassess-

ments. The section labeled Assessment Team Notes is intended to

be used, as needed, to record important considerations or conclu-

sions arrived at through the assessment process. This section can

also be used to track important factors such as pending software

updates, vacant key leadership positions, resource needs, and

challenges and barriers to completing the self-assessment or

implementing the Recommended Practices in this SAFER Guide.

Assessment Team Leader

Assessment Completion Date

Assessment Team Members

Assessment Team Notes

Self Assessment

8 of 26

High Priority Practices

SAFER Self Assessment | High Priority Practices

January 2014

SAFER

About the Recommended

Practice Worksheets

>Table of Contents >About the Checklist >Team Worksheet >About the Practice Worksheets

>Practice Worksheets

Each Worksheet provides guidance on implementing a specic Recommended Practice,

and allows you to enter and print information about your self-assessment.

Self Assessment

Contingency Planning

11 of 17

SAFER Self Assessment | Contingency Planning

December xx, 2013

reset page

SAFER

Recommended Practice 4

Worksheet

Phase 1 —

Safe Health IT

>Table of Contents >About the Checklist >Team Worksheet >About the Practice Worksheets

>Practice Worksheets

Recommended Practice

Patient data and software application congurations critical

to the organization’s operations are backed up.

HIPAA

Checklist

Implementation Status

Rationale for Practice or Risk Assessment

Backup of mission-critical patient data and EHR system

conguration allows system restoration to a “pre-failure”

state with minimal data loss.

Suggested Sources of Input

Clinicians, support staff,

and/or clinical

administration

EHR developer

Health IT support staff

Examples of Potentially Useful Practices/Scenarios

▪

The organization has a daily, off-site, complete, encrypted

backup of patient data.

▪

The off-site backup is tested regularly (optimally on at least

a monthly basis, i.e., complete restore).

▪

The content required to congure the system is backed up

on a regular basis (optimally on a monthly basis and before

every system upgrade).

▪

The organization maintains multiple backups,

created at different times.

▪

Backup media are physically secured.

▪

Backup media are rendered unreadable (i.e., use software

to scramble media contents or physically destroy/shred

media) before disposal.

▪

The organization has a “read-only” backup EHR system

that is updated frequently (optimally at least hourly).

▪

The read-only EHR system is tested regularly

(optimally at least weekly).

▪

Users can print from the read-only EHR system.

▪

If there is a “unit-level” read-only backup EHR

system, it is connected to a local UPS or “red plug.”

Assessment Notes

Follow-up Actions

Person Responsible for Follow-up Action

Click on a link below to view the topic online:

»References »Phases & Principles »HIPAA »Meaningful Use

The Rationale section

provides guidance

about “why” the

safety activities

are needed.

The Suggested Sources

of Input section

indicates categories

of personnel

who can provide

information to help

evaluate your level

of implementation.

The Examples section

lists potentially

useful practices or

scenarios to inform

your assessment and

implementation of the

specic Recommended

Practice.

Enter any notes about

your self-assessment.

Enter any follow-up

activities required.

Enter the name

of the person

responsible for the

follow-up activities.

Each Worksheet shows

links to additional

information available

on the website.

9 of 26

SAFER Self Assessment | High Priority Practices

January 2014

SAFERSAFER

Self Assessment

High Priority Practices

Recommended Practice 1

Worksheet

Phase 1 —

Safe Health IT

>Table of Contents >About the Checklist >Team Worksheet >About the Practice Worksheets

>Practice Worksheets

Recommended Practice

Data and application congurations are backed up and hardware systems

are redundant.

8-10

HIPAA

Checklist

Implementation Status

Rationale for Practice or Risk Assessment

Hardware and software failures are inevitable. Without redun-

dant backup hardware, delays in restoring system operation

can affect business continuity. Without data backups, key

clinical and administrative information can be lost.

Suggested Sources of Input

Clinicians, support staff,

and/or clinical

administration

Health IT support staff

Examples of Potentially Useful Practices/Scenarios

▪

Mission-critical hardware systems (e.g., database

servers, network routers, connections to the Internet) are

duplicated.

▪

Data are encrypted and backed up frequently, and

transferred to an off-site storage location at least weekly.

▪

System backups are tested (e.g., restored to the test

environment) on a monthly basis.

See the Contingency Planning Guide for related

recommended practices.

Assessment Notes

Follow-up Actions

Person Responsible for Follow-up Action

Click on a link below to view the topic online:

»References »Phases & Principles »Meaningful Use »HIPAA

reset page

Self Assessment

High Priority Practices

10 of 26

SAFER Self Assessment | High Priority Practices

January 2014

SAFER

Recommended Practice 2

Worksheet

Phase 1 —

Safe Health IT

>Table of Contents >About the Checklist >Team Worksheet >About the Practice Worksheets

>Practice Worksheets

Recommended Practice

EHR downtime and reactivation policies and procedures are complete,

available, and reviewed regularly.

HIPAA

Checklist

Implementation Status

Rationale for Practice or Risk Assessment

Failure to prepare for the inevitability of EHR downtimes greatly

increases the potential for errors in patient care during these

difcult times.

Suggested Sources of Input

Clinicians, support staff,

and/or clinical

administration

Health IT support staff

Examples of Potentially Useful Practices/Scenarios

▪

Policies describe:

▪ When a “downtime” should be called (including when the EHR

is functionally unavailable [e.g., very slow response time]),

▪ Who will be in charge during the downtime,

▪ How everyone will be notied, and

▪ Who is responsible for entering data collected

during the downtime.

▪

Hospital personnel are trained (and tested annually) in

these procedures.

▪

The organization regularly conducts tabletop downtime and

reactivation simulations or “drills.”

See the Contingency Planning Guide for related

recommended practices.

Assessment Notes

Follow-up Actions

Person Responsible for Follow-up Action

Click on a link below to view the topic online:

»References »Phases & Principles »Meaningful Use »HIPAA

reset page

Self Assessment

High Priority Practices

11 of 26

SAFER Self Assessment | High Priority Practices

January 2014

SAFER

Recommended Practice 3

Worksheet

Phase 1 —

Safe Health IT

>Table of Contents >About the Checklist >Team Worksheet >About the Practice Worksheets

>Practice Worksheets

Recommended Practice

Allergies, problem list entries, and diagnostic test results (including interpreta-

tions of those results, such as “normal” and “high”), are entered/stored using

standard, coded data elements in the EHR.

7,12-21

Meaningful Use

Checklist

Implementation Status

Click on a link below to view the topic online:

»References »Phases & Principles »Meaningful Use »HIPAA

Rationale for Practice or Risk Assessment

Free text data cannot be used by clinical decision support

logic

to check for data entry errors or notify clinicians about

important new information.

Suggested Sources of Input

Clinicians, support staff,

and/or clinical

administration

EHR developer

Examples of Potentially Useful Practices/Scenarios

▪

RxNorm is used for coding medications and NDF-RT

for medication classes.

▪

SNOMED-CT is used for coding allergens, reactions,

and severity.

▪

SNOMED-CT, ICD-10, or ICD-9 is used for coding clinical

problems and diagnoses.

▪

LOINC and SNOMED-CT are used for coding clinical

laboratory results.

▪

Abnormal laboratory results are coded as such.

See the Computerized Provider Order Entry with Decision

Support Guide and Test Results Reporting and Follow-Up

Guide for related recommended practices.

Assessment Notes

Follow-up Actions

Person Responsible for Follow-up Action

reset page

Self Assessment

High Priority Practices

12 of 26

SAFER Self Assessment | High Priority Practices

January 2014

SAFER

Recommended Practice 4

Worksheet

Phase 1 —

Safe Health IT

>Table of Contents >About the Checklist >Team Worksheet >About the Practice Worksheets

>Practice Worksheets

Implementation Status

Click on a link below to view the topic online:

»References »Phases & Principles »Meaningful Use »HIPAA

Recommended Practice

Evidence-based order sets and charting templates are available for common

clinical conditions, procedures, and services.

7, 23

Checklist

Rationale for Practice or Risk Assessment

Requiring clinicians to enter individual orders for routine clinical

practices increases risk of overlooking one or more items.

Allowing individual clinicians to create order sets runs the risk

of institutionalizing poor practice.

Suggested Sources of Input

Clinicians, support staff,

and/or clinical

administration

EHR developer

Health IT support staff

Examples of Potentially Useful Practices/Scenarios

▪

Clinical content is developed or modied based on

evidence through consensus by experts relying, where

available, on nationally recognized, consensus-based

clinical decision support (CDS) recommendations.

See AHRQ’s Clinical Decision Support Initiative.

▪

Institute for Safe Medication Practices (ISMP) order set

guidelines

are used to create order sets.

▪

Order sets exist for the 10 most common clinical conditions

(e.g., management of chest pain), procedures (e.g., insulin

administration and monitoring), and clinical services (e.g.,

admission to labor and delivery).

See the Computerized Provider Order Entry with Decision

Support Guide for related recommended practices.

Assessment Notes

Follow-up Actions

Person Responsible for Follow-up Action

reset page

Self Assessment

High Priority Practices

13 of 26

SAFER Self Assessment | High Priority Practices

January 2014

SAFER

Recommended Practice 5

Worksheet

Phase 1 —

Safe Health IT

>Table of Contents >About the Checklist >Team Worksheet >About the Practice Worksheets

>Practice Worksheets

Implementation Status

Click on a link below to view the topic online:

»References »Phases & Principles »Meaningful Use »HIPAA

Recommended Practice

Interactive clinical decision support features and functions

(e.g., interruptive warnings, passive suggestions, or info buttons)

are available and functioning.

25-30

Meaningful Use

Checklist

Rationale for Practice or Risk Assessment

Interactive clinical decision support interventions help

reduce the risks associated with ordering inappropriate,

contraindicated, and non-therapeutic doses (i.e., under

or overdoses), and provide just-in-time clinical knowledge

to clinicians.

Suggested Sources of Input

Clinicians, support staff,

and/or clinical

administration

EHR developer

Health IT support staff

Examples of Potentially Useful Practices/Scenarios

▪

Each practice identies a minimum number of highly

specic CDS features and functions and monitors their

availability and use.

▪

Appropriate CDS features and functions include:

▪ Alerts for abnormal laboratory test results.

▪ Tiered drug-drug interaction checks.

▪ Drug-allergy interaction checks.

▪ “Reverse allergy” checking occurs when a new

allergen is entered for a patient.

▪ Drug-food interaction support.

▪ Drug-condition interaction checks (e.g., Accutane or tetracycline

prescribed for a pregnant woman).

▪ Drug-patient age interaction checks (e.g., medications

contraindicated in the elderly).

▪ Drug dosing support for maximum (dose, daily, and lifetime),

minimum, renal,

weight-based, and age-appropriateness.

See the Computerized Provider Order Entry with Decision

Support Guide for related recommended practices.

Assessment Notes

Follow-up Actions

Person Responsible for Follow-up Action

reset page

Self Assessment

High Priority Practices

14 of 26

SAFER Self Assessment | High Priority Practices

January 2014

SAFER

Recommended Practice 6

Worksheet

Phase 1 —

Safe Health IT

>Table of Contents >About the Checklist >Team Worksheet >About the Practice Worksheets

>Practice Worksheets

Implementation Status

Click on a link below to view the topic online:

»References »Phases & Principles »Meaningful Use »HIPAA

Recommended Practice

Hardware and software modications and system-system interfaces are tested

(pre- and post-go-live) to ensure data are not lost or incorrectly entered,

displayed, or transmitted within or between EHR system components.

33-36

HIPAA

Checklist

Rationale for Practice or Risk Assessment

Failure to test new or modied hardware and software func-

tions along with system-system interfaces, both pre- and post-

go-live, increases the risk of inadvertent errors and patient

harm. Routine changes can result in unexpected side-effects

leading to incomplete or unreliable functionality.

Suggested Sources of Input

Clinicians, support staff,

and/or clinical

administration

EHR developer

Health IT support staff

Examples of Potentially Useful Practices/Scenarios

▪

Hardware and software should be tested both pre- and

post-go-live. Include tests using clearly named “test”

patients (e.g., ZZtest345 with patient ID 999999999)

in the “live” environment.

▪

High-priority clinical processes should be simulated using

real clinicians.

▪

Use the Leapfrog Group’s “Evaluation Tool for

Computerized Physician Order Entry” (or some similar

automated tool) to assess point-of-care CDS intervention

completeness and reliability on a regular basis.

▪

Applications and system-system interfaces are tested to

ensure that data are neither lost nor incorrectly entered,

displayed, or transmitted.

▪

Interfaces (e.g., HL-7) capable of sending, receiving,

acknowledging, and cancelling orders and results exist

and are tested between ADT – Laboratory, -Pharmacy,

and -Radiology; and CPOE – Pharmacy, -Laboratory, and

-Radiology.

▪

Error logs are regularly inspected and errors xed.

See the System Conguration Guide, System Interfaces

Guide, and Test Results Reporting and Follow-Up Guide

for related recommended practices.

Assessment Notes

Follow-up Actions

Person Responsible for Follow-up Action

reset page

Self Assessment

High Priority Practices

15 of 26

SAFER Self Assessment | High Priority Practices

January 2014

SAFER

Recommended Practice 7

Worksheet

Phase 1 —

Safe Health IT

>Table of Contents >About the Checklist >Team Worksheet >About the Practice Worksheets

>Practice Worksheets

Implementation Status

Click on a link below to view the topic online:

»References »Phases & Principles »Meaningful Use »HIPAA

Recommended Practice

Clinical knowledge, rules, and logic embedded in the EHR are reviewed and

addressed regularly and whenever changes are made in related systems.

30, 37-40

Checklist

Rationale for Practice or Risk Assessment

Medical knowledge is constantly evolving. Failure to review

and update clinical content can result in outdated practices

continuing long after they should be discontinued or updated.

Suggested Sources of Input

Clinicians, support staff,

and/or clinical

administration

Health IT support staff

Examples of Potentially Useful Practices/Scenarios

▪

Clinical content (e.g., order sets, default values, charting

templates, patient education materials, and health

maintenance reminders) are reviewed at least bi-annually

or as needed (e.g., following user feedback, changes in

clinical practice standards, or manufacturer alert) against

recent evidence and best practices.

See the Computerized Provider Order Entry with Decision

Support Guide for related recommended practices.

Assessment Notes

Follow-up Actions

Person Responsible for Follow-up Action

reset page

Self Assessment

High Priority Practices

16 of 26

SAFER Self Assessment | High Priority Practices

January 2014

SAFER

Recommended Practice 8

Worksheet

Phase 1 —

Safe Health IT

>Table of Contents >About the Checklist >Team Worksheet >About the Practice Worksheets

>Practice Worksheets

Implementation Status

Click on a link below to view the topic online:

»References »Phases & Principles »Meaningful Use »HIPAA

Recommended Practice

Policies and procedures ensure accurate patient identication at each step in

the clinical workow.

HIPAA

Checklist

Rationale for Practice or Risk Assessment

Wrong patient charting is one of the more common safety

problems in EHRs and can result in both data integrity and

data condentiality issues when protected health information

is disclosed in the wrong chart and is missing from the right

chart. Accurate and consistent patient identication is one

of the most important patient safety measures in an EHR-

enabled healthcare system.

Suggested Sources of Input

EHR developer

Health IT support staff

Examples of Potentially Useful Practices/Scenarios

▪

Information required to facilitate positive patient ID is visible

on all screens and printouts and includes: Last name, rst

name, date of birth (with calculated age in age-appropriate

units), gender, medical record number, in-patient location

(or home address), recent photograph (recommended),

and responsible physician (optional).

▪

The master patient index employs a probabilistic matching

algorithm that uses patient’s rst and last names, date of

birth, gender, and zip code or telephone number or social

security number.

▪

The system generates a pop-up alert when a user

attempts to create a record for a new patient or looks up

an existing patient with the same rst and last name as an

existing patient.

▪

Before allowing the user to change the current patient

(and display data for another patient), the system checks

that all entered data have been saved (i.e., signed).

See the Patient Identication Guide for related

recommended practices.

Assessment Notes

Follow-up Actions

Person Responsible for Follow-up Action

reset page

Self Assessment

High Priority Practices

17 of 26

SAFER Self Assessment | High Priority Practices

January 2014

SAFER

Recommended Practice 9

Worksheet

Phase 2 —

Using Health IT Safely

>Table of Contents >About the Checklist >Team Worksheet >About the Practice Worksheets

>Practice Worksheets

Implementation Status

Click on a link below to view the topic online:

»References »Phases & Principles »Meaningful Use »HIPAA

Recommended Practice

Information required to accurately identify the patient is clearly displayed

on screens and printouts.

42,43

Checklist

Rationale for Practice or Risk Assessment

If clinicians cannot clearly identify the patient they are working

on, they are at increased risk of making EHR entries in the

wrong record or relying on information on the wrong patient,

resulting in patient care and treatment errors, which are among

the most common types of errors in the modern EHR-enabled

healthcare system.

Suggested Sources of Input

EHR developer

Health IT support staff

Examples of Potentially Useful Practices/Scenarios

▪

Information required for patient ID includes:

▪ Last name

▪ First name

▪ Date of birth (with calculated age)

▪ Gender

▪ Medical record number

▪ In-patient location (or home address)

▪ Recent photograph (optional)

▪ Responsible physician (e.g., attending, PCP, or admitting).

▪

The duplicate patient ID rate (number of patient records

with the same rst name, last name, and date of birth in the

EHR database) is monitored.

See the Computerized Provider Order Entry with Decision

Support Guide and Patient Identication Guide for related

recommended practices.

Assessment Notes

Follow-up Actions

Person Responsible for Follow-up Action

reset page

Self Assessment

High Priority Practices

18 of 26

SAFER Self Assessment | High Priority Practices

January 2014

SAFER

Recommended Practice 10

Worksheet

Phase 2 —

Using Health IT Safely

>Table of Contents >About the Checklist >Team Worksheet >About the Practice Worksheets

>Practice Worksheets

Implementation Status

Click on a link below to view the topic online:

»References »Phases & Principles »Meaningful Use »HIPAA

Recommended Practice

The human-computer interface is easy to use and designed to ensure that

required information is visible, readable, and understandable.

43-46

Checklist

Rationale for Practice or Risk Assessment

Clinicians are constantly under time pressure. User interfaces

that are difcult to see, comprehend, and use signicantly

increase the risk of error and patient harm.

Suggested Sources of Input

EHR developer

Health IT support staff

Examples of Potentially Useful Practices/Scenarios

▪

Visible: columns are wide enough to view critical data.

▪

Readable: appropriate font sizes and contrast are used.

▪

Understandable: only standardized abbreviations are used;

the most recent orders and results are clearly marked.

▪

Consistent: similar functions have similar labels; different

functions have different labels.

▪

When possible, items that are related, or have similar

functions, are grouped and displayed together rather

than alphabetically.

▪

System response time is adequate (e.g., mean under

3 seconds; max under 10 seconds).

▪

User input data elds are large enough to enter required

information, and selection options are clearly dened and

easy to select.

See the System Conguration Guide for related

recommended practices.

Assessment Notes

Follow-up Actions

Person Responsible for Follow-up Action

reset page

Self Assessment

High Priority Practices

19 of 26

SAFER Self Assessment | High Priority Practices

January 2014

SAFER

Recommended Practice 11

Worksheet

Phase 2 —

Using Health IT Safely

>Table of Contents >About the Checklist >Team Worksheet >About the Practice Worksheets

>Practice Worksheets

Implementation Status

Click on a link below to view the topic online:

»References »Phases & Principles »Meaningful Use »HIPAA

Recommended Practice

The status of orders can be tracked in the system.

Checklist

Rationale for Practice or Risk Assessment

Errors often occur when users assume that orders entered

into the computer will be done as specied. To facilitate closed

loop communication and tracking of tasks and orders, the EHR

should provide users with information regarding their status.

Suggested Sources of Input

EHR developer

Health IT support staff

Examples of Potentially Useful Practices/Scenarios

▪

Users are notied of key actions (or inactions) relating

to their orders, such as when ordered medications get

discontinued (manually or automatically), antibiotic

renewals are not processed, and when orders placed

at later times of the day will not be acted upon till the

next day.

▪

Users are able to track the status of orders (e.g., specimen

collected, specimen received, resulted).

▪

There is clear distinction (e.g., different font or color)

between newly entered and copied data.

See the Computerized Provider Order Entry with Decision

Support Guide and Test Results Reporting and Folllow-Up

Guide for related recommended practices.

Assessment Notes

Follow-up Actions

Person Responsible for Follow-up Action

reset page

Self Assessment

High Priority Practices

20 of 26

SAFER Self Assessment | High Priority Practices

January 2014

SAFER

Recommended Practice 12

Worksheet

Phase 2 —

Using Health IT Safely

>Table of Contents >About the Checklist >Team Worksheet >About the Practice Worksheets

>Practice Worksheets

Implementation Status

»References

Click on a link below to view the topic online:

»Phases & Principles »Meaningful Use »HIPAA

Recommended Practice

Clinicians are able to override computer-generated clinical interventions when

they deem necessary.

47,48

Checklist

Rationale for Practice or Risk Assessment

Computers cannot practice medicine. Disallowing clinician

overrides of computer-generated interventions implies that

computers have access to more accurate data and greater

medical knowledge and expertise than clinicians. This is

rarely true.

Suggested Sources of Input

Clinicians, support staff,

and/or clinical

administration

EHR developer

Health IT support staff

Examples of Potentially Useful Practices/Scenarios

▪

Hard stop alerts (i.e., the user must take an action before

proceeding) are used only for the most egregious potential

errors. Hard stop alert overrides are closely monitored and

reviewed often.

▪

The alert override rate (i.e., the number of point-of-care

alerts that clinicians override divided by the total number of

point-of-care alerts generated) is monitored, and alerts with

high override rates are reviewed.

See the Computerized Provider Order Entry with Decision

Support Guide for related recommended practices.

Assessment Notes

Follow-up Actions

Person Responsible for Follow-up Action

reset page

Self Assessment

High Priority Practices

21 of 26

SAFER Self Assessment | High Priority Practices

January 2014

SAFER

Recommended Practice 13

Worksheet

Phase 2 —

Using Health IT Safely

>Table of Contents >About the Checklist >Team Worksheet >About the Practice Worksheets

>Practice Worksheets

Implementation Status

Click on a link below to view the topic online:

»References »Phases & Principles »Meaningful Use »HIPAA

Recommended Practice

The EHR is used for ordering medications, diagnostic tests,

and procedures.

Meaningful Use

Checklist

Rationale for Practice or Risk Assessment

Partial EHR use means that clinicians must look in two sepa-

rate places to nd the most recent orders, which increases the

potential to miss or delay lling critical orders. Hybrid systems,

part electronic and part paper, are particularly hazardous.

Suggested Sources of Input

Clinicians, support staff,

and/or clinical administration

Diagnostic services

Health IT support staff

Pharmacy

Examples of Potentially Useful Practices/Scenarios

▪

The CPOE rate (i.e., the number of orders electronically

entered by clinicians divided by the total number of orders

entered) is monitored.

▪

The percentage of verbal or paper orders that are entered

by ancillary personnel is less than 10 percent.

▪

Free text and “miscellaneous” orders are discouraged by

providing appropriate supports.

▪

Policies and procedures are in place that clearly identify

and manage hazards associated with ordering that

continues to occur outside of the EHR.

See the Computerized Provider Order Entry with Decision

Support Guide and Test Results Reporting and Folllow-Up

Guide for related recommended practices.

Assessment Notes

Follow-up Actions

Person Responsible for Follow-up Action

reset page

Self Assessment

High Priority Practices

22 of 26

SAFER Self Assessment | High Priority Practices

January 2014

SAFER

Recommended Practice 14

Worksheet

Phase 2 —

Using Health IT Safely

>Table of Contents >About the Checklist >Team Worksheet >About the Practice Worksheets

>Practice Worksheets

Implementation Status

Click on a link below to view the topic online:

»References »Phases & Principles »Meaningful Use »HIPAA

Recommended Practice

Knowledgeable people are available to train, test, and provide continuous

support for clinical EHR users.

Checklist

Rationale for Practice or Risk Assessment

Clinicians cannot use EHRs safely if they have not been

trained and do not have access to assistance when needed.

EHRs are complex tools. In order to maximize patient safety,

clinicians must not be expected to “learn the basics on the job.”

Suggested Sources of Input

Clinicians, support staff,

and/or clinical administration

Health IT support staff

Examples of Potentially Useful Practices/Scenarios

▪

All clinicians receive training appropriate to their expected

use of the EHR. An assessment is made of the need for

such specialized training beyond system-wide, generic

training.

▪

Trainers have advanced EHR and/or informatics training.

▪

Trainers are available before and after go-live, and provide

on-going support for users during EHR optimization.

▪

All clinicians are trained and tested on basic

EHR and CPOE operations before being issued

▪

The clinician training rate (i.e., the number of clinicians

trained to use the EHR who have passed a basic

competency test divided by the total number of clinicians

with EHR user privileges) is monitored.

▪

When any category of clinician users of EHRs requests

training, especially when they also indicate that they are

not adequately trained to safely do their jobs, such training

is promptly provided. Organizations have processes to

identify training opportunities that would optimize the safe

use of EHRs.

See the Organizational Responsibilities Guide for related

recommended practices.

Assessment Notes

Follow-up Actions

Person Responsible for Follow-up Action

reset page

Self Assessment

High Priority Practices

23 of 26

SAFER Self Assessment | High Priority Practices

January 2014

SAFER

Recommended Practice 15

Worksheet

Phase 2 —

Using Health IT Safely

>Table of Contents >About the Checklist >Team Worksheet >About the Practice Worksheets

>Practice Worksheets

Implementation Status

»References

Click on a link below to view the topic online:

»Phases & Principles »Meaningful Use »HIPAA

Recommended Practice

Pre-dened orders have been established for common medications and

diagnostic (laboratory/radiology) testing.

Checklist

Rationale for Practice or Risk Assessment

Unnecessary clinical practice variation should be minimized.

Forcing clinicians to enter specic values that are then

matched to a list of allowable values or to select from a set of

possible values increases variability and can result in errors.

Suggested Sources of Input

Clinicians, support staff,

and/or clinical administration

Health IT support staff

Examples of Potentially Useful Practices/Scenarios

▪

Complete medication order sentences exist for the most

commonly ordered medications, laboratory tests, and

radiology studies.

See the Computerized Provider Order Entry

with Decision Support Guide for related

recommended practices.

Assessment Notes

Follow-up Actions

Person Responsible for Follow-up Action

reset page

Self Assessment

High Priority Practices

24 of 26

SAFER Self Assessment | High Priority Practices

January 2014

SAFER

Recommended Practice 16

Worksheet

Phase 3 —

Monitoring Safety

>Table of Contents >About the Checklist >Team Worksheet >About the Practice Worksheets

>Practice Worksheets

Implementation Status

Click on a link below to view the topic online:

»References »Phases & Principles »Meaningful Use »HIPAA

Recommended Practice

Key EHR safety metrics related to the practice/organization are monitored.

Checklist

Rationale for Practice or Risk Assessment

Measurement and monitoring of key performance indicators

is essential for improvements in safety.

Suggested Sources of Input

Clinicians, support staff,

and/or clinical administration

EHR developer

Health IT support staff

Examples of Potentially Useful Practices/Scenarios

▪

EHR uptime rate

Minutes the EHR was available to clinicians divided by

number of minutes in the reporting period.

▪

System response time

Mean time to display a recent CBC result on a test patient,

measured every minute of every day in the reporting

period.

▪

Serious EHR-related adverse events

A list of reported EHR-related adverse events (whether

they resulted in patient harm or not, including any reported

breaches of patient condentiality).

▪

Potential wrong patient error rate

Requests to “change” orders that result in cancellation of

rst order and the creation of an order for the same item on

a different patient by the same user.

See the Organizational Responsibilities Guide and System

Conguration Guide for related recommended practices.

Assessment Notes

Follow-up Actions

Person Responsible for Follow-up Action

reset page

Self Assessment

High Priority Practices

25 of 26

SAFER Self Assessment | High Priority Practices

January 2014

SAFER

Recommended Practice 17

Worksheet

Phase 3 —

Monitoring Safety

>Table of Contents >About the Checklist >Team Worksheet >About the Practice Worksheets

>Practice Worksheets

Implementation Status

Click on a link below to view the topic online:

»References »Phases & Principles »Meaningful Use »HIPAA

Recommended Practice

EHR-related patient safety hazards are reported to all responsible parties,

and steps are taken to address them.

Checklist

Rationale for Practice or Risk Assessment

Ensuring that EHR-related patient safety hazards are

systematically identied, reported, and addressed is

essential to improving the safety of EHRs.

Suggested Sources of Input

Clinicians, support staff,

and/or clinical administration

EHR developer

Health IT support staff

Examples of Potentially Useful Practices/Scenarios

▪

The organization clearly identies through policies and

procedures how to address reports of EHR safety hazards.

▪

The organization ensures that reports of hazards and

adverse events are reported, as appropriate, to EHR

developers as well as senior leadership and boards.

▪

The organization has a relationship with a patient safety

organization experienced in investigating and addressing

EHR-related patient safety incidents.

▪

The total number of EHR-related software errors

(i.e., bugs) reported is monitored.

▪

The serious EHR error x rate (i.e., the number of errors

with potential for causing direct patient harm xed within

3 months divided by the total number of errors reported)

is monitored.

See the Organizational Responsibilities Guide for related

recommended practices.

Assessment Notes

Follow-up Actions

Person Responsible for Follow-up Action

reset page

Self Assessment

High Priority Practices

26 of 26

SAFER Self Assessment | High Priority Practices

January 2014

SAFER

Recommended Practice 18

Worksheet

Phase 3 —

Monitoring Safety

>Table of Contents >About the Checklist >Team Worksheet >About the Practice Worksheets

>Practice Worksheets

Implementation Status

Click on a link below to view the topic online:

»References »Phases & Principles »Meaningful Use »HIPAA

Recommended Practice

Activities to optimize the safety and safe use of EHRs include

clinician engagement.

Checklist

Rationale for Practice or Risk Assessment

Unless clinicians are included in decisions that affect their

use of the EHR, they may not understand or accept changes,

which increases risks. Clinicians should be engaged in

identifying opportunities for the EHR to support safe and

effective clinical use.

Suggested Sources of Input

Clinicians, support staff,

and/or clinical administration

Diagnostic services

EHR developer

Health IT support staff

Pharmacy

Examples of Potentially Useful Practices/Scenarios

▪

Representatives from the following groups are involved

in decision making about EHR safety: clinicians,

administrators, patients, IT/informatics, board of directors

and CEO, and quality and legal staff.

See the Organizational Responsibilities Guide for related

recommended practices.

Assessment Notes

Follow-up Actions

Person Responsible for Follow-up Action

reset page