The One Thing Missing from the 9 SAFER Guides for Health IT


The SAFER Guides, introduced in 2014, help healthcare organizations address EHR safety using self-assessment tools. However, the Centers for Medicare & Medicare Services (CMS) has issued a final rule requiring hospitals to complete annual SAFER assessments for fiscal year 2022. Healthcare organizations should consider a 10th SAFER Guide, addressing legacy data best practices. The guide should include checklists, tools, and scenarios to ensure accessible, usable, secure, and compliant data. Archives need a seat at the table when addressing the overall safety of health information technology.


The SAFER Guides, introduced by the Office of the National Coordinator of Health Information IT (ONC) in 2014, enable healthcare organizations to address EHR safety with self-assessment tools for their health information technology, including:


  • High Priority Practices
  • Organizational Responsibilities
  • Patient Identification
  • CPOE with Decision Support
  • Test Results Review and Follow-up
  • Clinician Communication
  • Contingency Planning
  • System Interfaces
  • System Configuration

While adoption in using the Guides varies, there is increased attention on the Guides because in Aug. 2021, the Centers for Medicare & Medicare Services (CMS) issued a final rule that requires hospitals to attest to having completed an annual SAFER assessment of all nine guides for fiscal year 2022, per the Protect Patient Health Information objective.

Proponents of this rule suggest that this is good news for patient safety and health IT as problem areas can be discovered and remedied.

We suggest that healthcare organizations consider a 10th SAFER Guide: Legacy Data Best Practices

While the SAFER Guides address EHRs that store critical patient data, they do not address archives that also store patient data, plus financial and business records.

Like the current nine guides, the Legacy Data guide could include checklists and tools to support the rationale, risk assessment, best practices, worksheets, scenarios and follow-up activities to ensure that historical clinical, business and financial data is accessible, usable, secure and compliant.

For example, there is a recommended best practice in the current Guide for System Configuration (2.2) that states:

There is a role-based access system in place to ensure that all applications, features, functions, and patient data are accessible only to users with the appropriate level of authorization.

The accompanying worksheet discusses the rationale for having role-based access to ensure users only see, enter or modify data when necessary to perform their jobs. Further, it describes how organizations are expected to configure and maintain correct associations between the roles and the functions of the EHR and maintain correct assignments of user roles.

We agree with this guideline, but argue that it extends to ALL data, including legacy data in an active archive. Our HealthData Archiver® active archive is configured with role-based security and access tracking that restricts and audits user activities by individual user, role, group and/or data source. It also includes Break the Glass capabilities.

The ONC suggests in its High Priority Practices Guide, that the potential benefits of EHRs may not be fully maximized unless the people responsible for their implementation, maintenance and use are prepared for and manage the new challenges and risks they create. They call it the “sociotechnical” focus needed to address the safety challenges and risks introduced by EHRs.

Archives need a seat at the table when looking at the overall safety of health information technology.

There are features and functions within the EHRs that should extend to archives when confirming that best practices are being followed. And, there are unique technical and security-related considerations for historical clinical, financial and operational data that need to be managed specifically in the archive.

After all, health data may spend more time in an archive than it spends in an active EHR.  

Want to learn more about legacy data and active archives?  We recommend the following resources:

  1. eBook: How to Manage Legacy Data in the Age of Information Blocking – Recognize how successful legacy data management will benefit patients and inform your team about staying compliant with information blocking mandates.
  2. Legacy Inventory Template – A helpful tool to guide the collection of all information needed about the organization’s legacy systems. This inventory is vital to support the data extraction, migration and retention process.
  3. 10 Privacy and Security Questions to Ask your Archive Vendor – to ensure you are asking the right questions to ensure your vendor partner will protect you and your data.

Considering that many organizations have 30-40 or more legacy systems that need a safe, secure and compliant long-term home for the data within their care. There are a lot of outdated systems – all of which contain critical data — that are ripe for a better long-term plan. The Harmony Healthcare IT team works with healthcare delivery organizations of all sizes to make sure data is available, reportable, researchable and interoperable. With an active archive solution you should expect to:

  • Lower costs
  • Reduce risk
  • Fortify cybersecurity defenses by decommissioning out-of-production applications
  • Make legacy data more accessible to users and patients

Our full-service legacy data management solutions: HealthData Archiver®, HealthData AR Manager®, and HealthData Locker™ are ready to help your team meet its best practices  goals for complete lifecycle data management. We’re proud to announce Black Book™ Rankings, a division of Black Book™ Market Research ranked Harmony Healthcare IT as the top Data Archiving, Data Extraction and Migration company.

We can help.

Let’s connect.

Nov 02 2021

Ready to learn more?

Contact us today to learn more about our healthcare data management solutions.

First Name *
Last Name *
Email *

Healthcare IT tips, guides, news & more delivered to your inbox

Sign me up