Dean F. Sittig, PhD is professor of biomedical informatics at
Describe the SAFER Guides and their purpose.
Following the IOM report in 2012 on patient safety and health IT, ONC promised that they would create some guidance to help organizations improve the safety and utility of their EHRs. The SAFER Guides were their attempt to do that. They contracted with us to develop them.
What do the Guides contain and how would you recommend that a hospital or health system use them?
There are some complex organizational structures, but mostly the Guides have about 10 to 25 recommended practices that are very general. Something like, “You need to back up your mission-critical hardware and software.” The Guides also have examples to help people understand what that means, so for a backup, that ought to be an encrypted, offsite backup taken on a daily basis.
There is also a rationale to help people understand why they would do that particular practice. There are a lot of references to link people to different aspects of the scientific literature from where those ideas came from. If the items on the list were either from the HIPAA guidelines or the Meaningful Use guidelines, we link those to give people a renewed emphasis on why they need to do certain aspects.
As to the answer to how an organization would use them, we think that in a large organization, you would convene a multidisciplinary team with someone from IT, some clinical people, some nursing, some of the ancillary services, maybe medical records people. Try to bring all those stakeholders together. Some people know the answers to certain questions and know the nuances of those. In smaller organizations, you’d probably have to contact your EHR vendor or your IT consultant that’s helping you to get the answers to these questions.
It looks like some of the items could be incorporated into an RFP.
While we were doing this, we started out going to a lot of different healthcare provider organizations and talking to them about what they were doing and trying to understand what things were working and weren’t. Some of them, we realized that the EHR vendor really has to do these things.
When we say something like, “The patient’s name should be on every screen and maybe it should have a picture of the patient,” the EHR vendor has to make that capability available. Then the organization has to implement that capability. You’re right; some of these things are very particular and only the vendors can do them.
How do you think the average hospital would do? Are these stretch goals, or would a hospital that’s competent in IT do fine?
Of the leading organizations — I think about the Scottsdale Institute members, for example, IHC, Mayo Clinic, and Partners …read more
