In 2024, compliance officers and specialists face a familiar player with a new role: the SAFER Guides.
With the release of the latest Physician Fee Schedule Final Rule, tackling the High Priority Practices SAFER Guide is now a required element of the MIPS Promoting Interoperability performance category.
In this article, I explain what the SAFER guides are and what’s required to successfully attest to completing the requirement. Additionally, I encourage you to think beyond “just ticking off the boxes” by sharing how the Guides can fit into your more comprehensive risk management strategy.
What are the SAFER Guides?
The SAFER Guides were introduced in 2014 by the Center for Medicare and Medicaid (CMS). SAFER is an acronym that stands for “Safety Assurance Factors for EHR Resilience.”
The SAFER Guides consist of nine guides, including self-assessment checklists and implementation worksheets, which can be downloaded and completed by healthcare organizations and their teams to optimize the safety and safe use of health information technology.
Why Are SAFER Guides Required by CMS?
The SAFER Guides were implemented as part of a CMS initiative to promote safe use of EHRs. They are designed to train practices to consider contingency planning for their EHRs, identify safety practices for protecting health information, and identify risks in health IT use for patient care.
SAFER Guides by Group
| Foundational Guides |
High Priority Practices Organizational Responsibilities |
| Infrastructure Guides |
Contingency Planning System Configuration System Interfaces |
| Clinical Process Guides |
Patient Identification Computerized Provider Order Entry with Decision Support Test Results Reporting and Follow-Up Clinician Communication |
Chart via HealthIT.gov; accessed Jan. 2024
Additional Resources
This Office of the National Coordinator for Health IT video explains how your practice can collaborate to complete the SAFER Guides.
This CMS infographic explains the purpose and structure for completing the SAFER Guides. (A word of caution: This infographic is related to MIPS 2023 requirements. The completion requirements for MIPS 2024 have changed).
Download the guides on the ONC HealthIT website.
Strategies for Successfully Completing the SAFER Guides
Similar to the HIPAA Security Risk Assessment, completing the SAFER Guides will take time and the commitment of your team. You must complete the MIPS annual self-assessment requirements by the end of the 2024 performance year to be able to attest “Yes” to completion. Here are some practical steps to completing the SAFER Guides requirements:
Get a Head Start
Start early and create a timeline and project plan for the completion of your SAFER Guides self-assessments. The assessments are dense with information specific to different operations of your practice. You may have to refer to the applicable guide for an explanation of each assessment item.
Get Organized
Download the guides and save them in your compliance drive, where you and your team can access and collaborate on the completion of the self-assessments. Organized and secure file storage will be crucial for staying on track. Make a plan to retain your completed assessments as evidence of your compliance.
Get the Right Teams Involved
The Quality Payment Program (QPP) recommends assembling a “multi-disciplinary safety team” to complete the self-assessments. Bringing in experts from multiple domains of your practice allows you to share the effort and delegate completion of different guides to the right people.
For example, the Infrastructure Guides can be delegated to your IT team. If you do not have an internal IT team, delegate completion to a team member who regularly interfaces with your EHR vendor. They can schedule a call with your EHR vendor to review the applicable self-assessment questions.
MIPS 2024 Requirement for Completing the SAFER Guides
If you are participating in traditional Merit-based Incentive Payment System (MIPS) or MIPS Value Pathway reporting for Calendar Year 2024, chances are that you’ll be required to submit information in the Promoting Interoperability (PI) performance category.
As part of the PI category requirements, you must attest YES or NO completing the SAFER Guides measure.
Similar to the SRA requirement, you will not earn points for completing the self-assessment, but you will be penalized for not attesting “Yes” to completing the assessments in CY 2024. A blank or “No” answer do not meet the requirements.
Do You Need to Submit Evidence of SAFER Guides Completion?
You do not have to submit your assessments or any evidence that you completed the SAFER Guides when you submit your 2024 MIPS data. You simply have to attest “Yes” to completing the assessments.
However, you should plan on being able to produce your self-assessment documentation in the event of a CMS audit.
As I discussed in my recent article about Security Risk Assessments, CMS is and will continue to conduct post-performance audits of MIPS participants. If you are audited and you cannot provide proof of completing the assessments to support your positive attestation, you may face False Claims and other federal penalties. Falsely attesting to completing a requirement to receive federal reimbursement is a crime with steep penalties.
Using SAFER Guides to Promote Health IT Safety
Electronic health record management systems have significantly altered the workflows of modern medical practices, including many improvements in efficiency, data security, practice analytics, and the patient experience.
Still, the safety of your patients and their protected health information depends on proactive and rigorous security standards and risk assessment, on both a technological and a human level.
Here’s how your practice can use and build on the SAFER Guides processes as a framework for excellence in compliance:
Treat the SAFER Guides as a high priority. If you and your team thoughtfully complete the guide each year, you are taking strong measures to protect your patients’ privacy and safety. You are also taking measures to protect the health of your practice.
Take the opportunity to educate yourself and your team. The Guides provide valuable information for configuring safe systems, implementing executive oversight, and developing system resiliency. You will learn valuable information if you take the time to thoughtfully complete the self-assessments, read the guides, and implement best practices.
I predict that one day in the near future (maybe even next year), CMS will require MIPS Eligible Participants to attest to completion of the self-assessments and develop an implementation plan. Get ahead of the curve and start developing your implementation plan this year. The self-assessment worksheets have spaces for drafting your implementation plan. You will learn about the many scary gaps in your system and processes when you complete the self-assessments. Creating the implementation plan is a proactive way to assuage your fear and steer your team toward solutions.
The real value of the SAFER Guides, in my experience, is that they force your practice to think about its risk factors and implement policies, processes, procedures, and configurations for mitigating those risks.
Support for MIPS Participation
Fulfilling compliance requirements is never a one man job. It’s crucial to get the right individuals and teams involved in and supporting your compliance efforts throughout the year.
As you work toward completing MIPS requirements for 2024, remember that your EHR and practice management software can make the process more efficient. Your EHR vendor may also offer resources and guidance for successful compliance reporting.
For example, our compliance team here at Raintree—which includes yours truly—can share resources to guide clients through the successful completion of System Configuration self-assessments, and we consistently develop new content to help practices become more efficient and successful. Got a question we haven’t covered? Reach out!
Here at Raintree Systems, we help physical therapy, occupational therapy, speech-language pathology and multi-disciplinary practices grow and succeed with scalable and robust software solutions. Raintree offers the only ONC-certified EHR system designed specifically for rehab therapy. Want to learn more? Schedule a demo and learn why high-growth PT, OT, SLP, and multi-disciplinary practices choose Raintree.
Veda Collmer, JD, CIPP/US, Raintree Systems’ General Counsel, Chief Compliance Officer, brings more than 10 years of experience in health law, privacy and compliance. Veda received the Robert Wood Johnson Foundation Public Health Law Fellowship in 2012 and completed her fellowship at the Arizona State University Sandra Day O’Connor College of Law.
