HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

SAFER Guides Updated by ONC: Ransomware Prevention and Mitigation Strategies Included

The Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology (ONC) has updated its SAFER Guides to include information to help healthcare providers protect against ransomware infections and mitigate ransomware attacks.

The Safety Assurance Factors for Electronic Health Record Resilience (SAFER) Guides were first released in January 2014 to help healthcare providers improve the usability of their EHRs and address the risks that EHR technology can introduce. The SAFER Guides can also be used to reduce the potential for patients to suffer EHR-related harm.

The SAFER Guides cover a range of key focus areas and include evidence-based best practices that can be adopted by healthcare providers to improve the usability and safety of their EHRs. Over the past three years, technology has changed, as have the threats faced by the healthcare industry.

The guides were therefore due an update to keep them useful and relevant. Prior to issuing the updated guides, ONC sought feedback from healthcare providers and developers of EHRs. The comments and recommendations received from the National Academy of Medicine, the National Quality Forum, the American Medical Informatics Association, the Electronic Health Record Association and other organizations have been used to develop new best practices that healthcare providers should adopt.

The SAFER Guides include checklists and recommendations for healthcare organizations along with note templates that can be used to improve the safety and usability of EHRs. ONC says the guides have been developed to help reduce data-related burdens.

The guides now cover ransomware prevention strategies and mitigations to reduce the impact of ransomware attacks, including how to manage downtime following ransomware attacks and how to respond when EHR systems are slow or inaccessible.

The updated SAFER Guides can help organizations with EHR contingency planning to ensure compliance with that aspect of the HIPAA Security Rule. The SAFER Guides now include an EHR contingency planning self-assessment to help in this regard.

The guides also include a new recommendation to the Test Results and Follow-Up Reporting Guide to help healthcare organizations communicate abnormal results to patients. The update includes advice ONC received from the National Academy of Medicine.

To date, more than 52,000 users have downloaded the SAFER Guides and many EHR developers are now using the guides to help their customers set up their EHR systems and improve both safety and usability.

ONC says the SAFER Guides are particularly useful for technical assistance providers to help smaller healthcare organizations improve care quality and participate in the Medicare Quality Payment Program.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.