• Print

Policymaking, Regulation, & Strategy

Health IT and Safety

Health IT makes new improvements in health care quality and safety possible, compared to paper records. Yet, if not designed and used correctly, it can also introduce new risks of harm. The Office of the National Coordinator (ONC) is taking actions on health IT and patient safety as described in our Health IT Patient Safety Action and Surveillance Plan by Improving the safe use of health IT, Learning more about the impact of health IT on patient safety, and Leading to create a culture of shared responsibility among all users of health IT.

As clinicians and their patients increasingly rely on electronic health records (EHRs) instead of paper charts, we continue to learn about health IT's positive impact on the quality and safety of patient care, and how developers and users can maximize that impact. Information and actionable resources representing progress under the HealthIT Patient Safety Action and Surveillance Plan are available below.


IMPROVE: ONC offers resources to help improve health IT safety and patient safety

  • SAFER Guides: The SAFER Guides are designed to help healthcare organizations conduct self-assessments to optimize the safety and safe use of electronic health records (EHRs). The SAFER Guides were developed based on the best evidence available including a literature review, expert opinion, and field testing at a wide range of healthcare organizations, from small ambulatory practices to large health systems.. Each of the nine SAFER Guides begins with a checklist of “recommended practices.”

    safety image

    Safer Recommendations

    Clinician Communication
    • Clinicians are able to electronically access current patient and clinician contact information (e.g., email address, telephone and fax numbers, etc.) and identify clinicians currently involved in a patient’s care.
    • Both EHR design and organizational policy facilitate clear identification of clinicians who are responsible for action or follow-up in response to a message.
    Contingency Planning
    • Staff are trained and tested on downtime and recovery procedures.
    • Patient data and software application configurations critical to the organization’s operations are backed up.
    CPOE and CDS
    • Evidence-based order sets are available in the EHR for common tasks/conditions and are updated regularly.
    • Corollary (or consequent) orders are automatically suggested when appropriate and the orders are linked together, so that changes are reflected when the original order is rescheduled, renewed, or discontinued.
    High Priority
    • Information required to accurately identify the patient is clearly displayed on screens and printouts.
    • Clinicians are able to override computer-generated clinical interventions when they deem necessary.
    Organizational Responsibility
    • Communication mechanisms ensure that EHR users learn of EHR changes promptly, and users are able to give feedback on related safety concerns.
    • The highest-level decision makers (e.g., boards of directors or owners of physician practices) are committed to promoting a culture of safety that incorporates the safety and safe use of EHRs.
    Patient Identification
    • Users are warned when they attempt to create a new record for a patient (or look up a patient) whose first and last name are the same as another patient.
    • The organization has a process to assign a “temporary” unique patient ID (which is later merged into a permanent ID) in the event that either the patient registration system is unavailable or the patient
    System Configuration
    • The EHR is configured to ensure EHR users work in the “live” production version, and do not confuse it with training, test, and read-only backup versions.
    • The organization has processes and methods in place to monitor the effects of key configuration settings to ensure they are working as intended.
    System Interfaces
    • At the time of any major system change or upgrade that affects an interface, the organization implements procedures to evaluate whether users on both sides of the interface correctly understand and use information that moves over the interface.
    • Security procedures, including role-based access, are established for managing and monitoring key designated aspects of interfaces and data exchange.
    Test Result Review and Followup
    • Written policies specify unambiguous responsibility for test result follow-up with a shared understanding of that responsibility among all involved in providing follow-up care.
    • The EHR has the capability for the clinician to set reminders for future tasks to facilitate test result follow-up.
  • How to Identify and Address Unsafe Conditions Associated with Health IT [PDF - 1.4 MB]
  • The Role of Health IT Developers in Improving Patient Safety in High Reliability Organizations [PDF - 729 KB]
  • Workflow Assessment for Health IT Toolkit: This online toolkit helps small and medium-sized outpatient practices better assess their workflows and determine when and how health IT may be useful.
  • Implementation Tools for E-Prescribing: This is a guide for preparing for and launching an e-prescribing system
  • Guide to Reducing Unintended Consequences of EHRs: This online resource is designed to help health care organizations anticipate, avoid, and troubleshoot problems that can occur when implementing and using EHRs.

LEARN: health IT safety analyses

LEAD: Promote a culture of safety related to health IT