The healthcare landscape continues to evolve, shaped by new technologies, regulatory shifts, and the growing need for patient safety in clinical settings. To address these challenges, the Centers for Medicare and Medicaid Services (CMS) and the Department of Health and Human Services (HHS) have updated their Safety Assurance Factors for Electronic Health Record (EHR) Resilience (SAFER) Guides.

These updates offer a comprehensive framework for healthcare organizations to assess and optimize the safety of their EHR systems. By aligning with new regulations, including the 21st Century CURES Act, and incorporating cutting-edge practices, the 2025 SAFER Guides aim to ensure that EHR systems are both effective and secure, safeguarding patients’ health data.

Key Takeaways

CMS and HHS have updated the SAFER Guides to enhance the safety and security of electronic health record (EHR) systems in response to evolving healthcare technology and regulatory requirements.

  • The 2025 SAFER Guides streamline recommendations and address emerging trends such as artificial intelligence and cybersecurity.
  • The guides introduce new self-assessment tools and emphasize collaboration among stakeholders.
  • Updates align with the CURES Act to improve patient safety, communication, and regulatory compliance.

Why SAFER Guides matter for healthcare

EHR systems have become the backbone of modern healthcare delivery, providing critical tools for managing patient records, improving care coordination, and supporting clinical decision-making. However, these systems must be managed carefully to avoid risks such as data breaches, incorrect diagnoses, or harmful medical errors. To help healthcare organizations navigate these risks, CMS and HHS released the SAFER Guides in 2014, offering practical recommendations for EHR safety.

The 2025 update builds on the success of the previous versions, incorporating feedback from stakeholders, including clinicians with informatics training, EHR vendors, and health IT experts. These guides help healthcare providers assess their EHR systems, identify gaps in safety, and implement corrective actions to mitigate risks.

This article examines the significant updates to the 2025 SAFER Guides, the role of AI and cybersecurity in EHR safety, and the broader impact these revisions will have on healthcare organizations’ ability to ensure patient safety and regulatory compliance.

Key updates in the 2025 SAFER guides

The SAFER Guides introduce several critical updates, including structural changes, expanded topics, and enhanced tools for self-assessment. These revisions reflect the evolving healthcare environment and align with recent regulatory changes. Here are the key updates.

Streamlined structure and recommendations

One of the major changes in the latest SAFER Guides is the simplification of the content. Many of the guides have been restructured to eliminate redundant recommendations and clarify existing ones.

For example, the System Configuration and System Interfaces Guides were combined into a single System Management Guide, streamlining the process for healthcare organizations to follow. The total number of recommended practices has been reduced from 147 to 88, while the number of implementation examples has been reduced from 540 to 524. This reduction helps organizations focus on the most relevant and actionable recommendations.

Expanded topics reflecting industry trends

The updated guides also address emerging trends in the healthcare industry. These include the following.

Artificial Intelligence (AI) in clinical care: With AI playing an increasingly prominent role in healthcare, the 2025 guides emphasize how to integrate AI into EHR systems safely. The focus is on ensuring that AI tools support clinicians without compromising patient safety or creating unintended consequences.

Patient-clinician communication: In line with the CURES Act, the new SAFER Guides highlight the importance of transparent communication between patients and clinicians. This includes enhancing patient access to clinical notes and test results, thereby fostering a more informed and engaged patient population.

Cybersecurity: As cyber threats to healthcare organizations continue to rise, the 2025 guides include strengthened recommendations for enhancing cybersecurity within EHR systems. These changes are critical as healthcare providers face increasing pressure to safeguard sensitive patient data from hackers and unauthorized access.

Software testing practices: The updated guides offer enhanced recommendations for software testing, particularly related to interface testing, usability testing, and clinically relevant scenario testing. These enhancements are designed to ensure EHR systems operate effectively in real-world clinical environments, reducing the risk of errors and promoting quality patient care.

Improved self-assessment tools

The 2025 SAFER Guides introduce new tools designed to assist healthcare organizations in assessing their progress and implementing safety practices. These include a five-point rating scale to estimate adherence to implementation recommendations and a three-level evidence hierarchy to evaluate the quality of supporting evidence for each recommendation.

Additionally, the guides now feature expanded Implementation Status options. Healthcare organizations can now more precisely assess their progress, with statuses such as Making Progress, Halfway There, and Substantial Progress. A new EHR Limitation status has been added, which identifies situations where an EHR system lacks the necessary features to fully implement specific recommendations.

Collaborative assessment recommendations

The revised SAFER Guides stress the importance of collaboration when implementing best practices for EHR safety. Organizations are encouraged to involve a broader range of stakeholders in the assessment process, such as clinicians, EHR developers, and health IT support staff.

This collaborative approach ensures that all perspectives are considered when evaluating and improving EHR systems. In addition, healthcare organizations are now directed to seek input from the appropriate roles within their organization, such as clinicians with informatics training and IT experts who understand the system’s technical capabilities.

CURES Act and regulatory compliance

The 2025 updates to the SAFER Guides align with several key provisions of the CURES Act, which aims to improve interoperability, reduce data blocking, and enhance patient access to their health information. These updates are crucial for healthcare organizations looking to comply with the CURES Act’s requirements and meet the broader goals of improving patient safety, communication, and care coordination.

The CURES Act mandates that patients have easier access to their clinical records and encourages healthcare providers to integrate medical device data into their EHR systems. These changes are reflected in the 2025 SAFER Guides, which offer practical recommendations for improving data sharing between EHR systems, supporting patient access to their health information, and ensuring that patients and clinicians can communicate effectively.

EHR safety and tech integration

As healthcare organizations continue to adopt new technologies, including AI and machine learning, they must be proactive in addressing potential risks associated with these innovations. The updated SAFER Guides provide a roadmap for integrating these technologies safely into EHR systems while maintaining patient safety and privacy.

The focus on AI in Clinical Care reflects the increasing use of machine learning algorithms and decision support tools in clinical settings. These technologies have the potential to enhance care delivery by providing clinicians with real-time insights into patient conditions. However, there are risks associated with AI integration, such as algorithmic bias or errors. The updated SAFER Guides provide guidelines for assessing AI tools and ensuring they meet safety standards before being integrated into clinical workflows.

Cybersecurity is another area of focus, with healthcare organizations facing growing threats from ransomware attacks and data breaches. The 2025 guides emphasize the need for robust cybersecurity measures to protect patient data and prevent unauthorized access to sensitive information. The rise in digital health technologies also requires healthcare providers to ensure that their systems are resilient against evolving cyber threats.

Shaping the future of EHR systems

The 2025 update to the SAFER Guides represents a significant step forward in ensuring the safety, security, and effectiveness of EHR systems in the healthcare industry.

With new recommendations for AI integration, cybersecurity, and patient access to clinical data, these guides equip healthcare organizations with the tools they need to navigate an increasingly complex and technology-driven landscape. The emphasis on collaboration, self-assessment, and continuous improvement ensures that EHR systems can adapt to the evolving needs of healthcare providers and patients alike.

As healthcare organizations adopt new technologies and comply with regulatory requirements, the SAFER Guides remain a vital resource for EHR safety. By aligning with the CURES Act and fostering collaboration among clinicians, IT staff, and policymakers, they support a safer, more effective healthcare system. The future of EHR safety depends on proactive, evidence-based strategies, and the updated SAFER Guides provide the framework to guide ongoing improvements in patient care. [Reference: Awin.]