The researchers called for a shared responsibility for electronic health records (EHRs) between developers of these products and healthcare organizations to ensure compliance with Safety Assurance Factors for EHR Resilience (SAFER) guidelines. ).
This is a recommendation from scientists at the University of Texas at Houston Health Sciences Center (UTHealth) and Baylor College of Medicine. The document and recommendations were released today in the Journal of the American Medical Association (JAMA).
SAFER Guides enable healthcare organizations and EHR developers to perform self-assessments of their EHRs with the ultimate goal of proactively optimizing the safety and safe use of EHRs. While the Centers for Medicare & Medicaid Services (CMS) released new payment rules that required all eligible hospitals to use SAFER guides, what they lacked was the requirement that EHR developers use SAFER guides. Scientists recommend that developers of EHR systems also evaluate their products annually. This will ensure that their clients can implement and use the EHR as recommended in the SAFER guides.
While the new CMS policy requiring hospitals to perform annual self-assessment using SAFER guides creates a solid foundation, the authors say that responsibility for safety should be shared with EHR developers.
The researchers recommend three specific strategies to complement the new CMS rules. They propose:
- EHR developers self-assess their products annually against SAFER recommendations and indicate whether their EHR can be configured to meet each SAFER recommendation.
- ONC should perform annual reviews of SAFER recommendations to track EHR design, development and configuration changes.
- EHR developers should disseminate guidance to their customers on how to implement security practices related to their product.
They say these strategies strengthen the strong foundation for EHR security laid by new CMS regulations and more evenly divide the responsibility for making security improvements between those who design and develop EHRs and those who configure, implement. and use these systems.