Health care organizations have experienced more data breaches in the last seven months than at that same point in all years previous – a shocking new reality for physicians who rely on electronic health records (EHRs) and other integrated technologies to care for patients.
In case of EHR difficulties resulting from such breaches, as well as from natural disasters, the Assistant Secretary for Technology Policy (ASTP) offers guidance on how physicians can continue to care for patients.
The 2025 Safety Assurance Factors for EHR Resilience (SAFER) Guides are designed to help physicians and health care organizations assess and improve the safety and effectiveness of their EHR systems. The guides consist of eight subcategories – including contingency planning in case of emergencies that can suspend a practice’s access to appointment schedules, lab results, medical records, electronic prescribing, and more.
The guides include checklists, action-based worksheets, and recommendations like:
- Ensuring disaster recovery plans for technology infrastructure critical to a practice’s operations are in place and reviewed annually;
- Having paper forms on hand in case they are needed to replace key EHR functions during downtimes;
- Creating policies and procedures are in place to accurately identify patients when preparing for, during, and after downtimes;
- Training and testing staff on downtime and recovery procedures; and
- Training physicians and staff on ransomware prevention strategies, including how to identify malicious emails and fraudulent telephone callers asking for login access or other privileged information.
As of July, the U.S. Department of Health and Human Services’ Office for Civil Rights reported 378 health care data breaches affecting 500 or more individuals in the first six months of 2025. While the figure is still fewer than the 408 reported through June in 2024, the number is still higher than all years previous.
Moreover, Dallas pediatrician Joseph Schneider, MD, reminds physicians that Texas’ hurricane season began June 1. Dr. Schneider has witnessed practice operations fail during “massive EHR downtimes” caused by severe weather. He said the 2025 SAFER Guides are a “valuable tool” for safeguarding physicians’ EHR systems during times of crisis.
“You don’t think you need it until you need it,” said the past chair of the Texas Medical Association’s Committee on Health Information Technology (HIT) and Augmented Intelligence. “The SAFER Guides get you thinking about what bad things could happen and how you can protect against them.”
Shannon Vogel, TMA’s associate vice president of HIT, adds that Merit-Based Incentive Payment System participating clinicians are required to complete an annual self-assessment of the High Priority Practices module of the SAFER Guides as part of the program’s promoting interoperability category. The self-review is an opportunity to evaluate EHR-related patient safety risks, she says.
For cybersecurity resources, training, and more, visit TMA’s Ransomware and Cybersecurity Resource Center. For information on disaster relief funds and tips for safeguarding your practice in case of emergencies, see TMA’s Disaster Preparedness & Response Resource Center.
Alisa Pierce
Reporter, Division of Communications and Marketing
(512) 370-1469