Skip Navigation LinksSAQ40

The success of a health information technology (IT) safety program hinges on the ability of system users to recognize, react to, and report health IT-related events for analysis and action (e.g., vendor reporting, PSO reporting, vendor modifications). Two overarching factors support a health IT safety program: the organization's culture of safety and the ability to "do the right thing, even if it's not standard procedure," Christoph Lehmann, MD, FACMI, FAAP, professor of pediatrics and biomedical informatics, Vanderbilt University School of Medicine, said to participants at the September 16, 2016, meeting of the Partnership for Health IT Patient Safety.

Once an event is identified and reported to the appropriate parties, it can be analyzed and solutions can be developed. A health IT safety program also allows for feedback, which meeting participants identified as a key component to the safe and effective implementation and use of health IT. The provision of feedback about health IT-related issues and the actions taken within a provider organization can be accomplished in different ways; for example, two methods mentioned during the meeting were communication by managers to staff and the distribution of information on a dashboard. Vendors typically distribute information in regular or special publications, as appropriate.

A health IT safety program within a provider organization requires support from all levels of the organization, including leadership and patients, as well as vendors. Executive walkrounds and proactive patient queries can help crystallize staff members' reported concerns or demonstrate the effects of implemented solutions. Such proactive knowledge can help prioritize safety interventions and vendor actions.

Use this self-assessment questionnaire in conjunction with the following resources to review and further develop an effective health information technology (IT) safety program. Then, use the attached action plan template to track resulting projects, initiatives, and reviews.

* Some materials are included in memberships to ECRI Institute products and services. For information about these reports, contact

HRC Self-Assessment Questionnaires (SAQs) can be used to identify compliance with best practices and opportunities for improvement. They include questions based on laws, regulations, standards, professional society guidelines and statements, and best practices identified by the clinical literature. Each SAQ also includes an Action Plan to help document next steps and responsible parties.

SAQs are available both as PDFs, for use as-is, or as Microsoft Word documents, which can be edited to suit your organization's custom needs, such as by adding questions regarding local or state requirements that may not be represented.

HRC recommends completing this SAQ annually and whenever significant organizational changes occur.

Topics and Metadata


Technology Management; Health Information Technology


Hospital Inpatient; Ambulatory Care Center; Physician Practice; Emergency Department; Hospital Outpatient

Clinical Specialty



Information Technology (IT) Personnel; Clinical Practitioner; Corporate Compliance Officer; Nurse; Patient Safety Officer; Risk Manager; Quality Assurance Manager; Regulator/Policy Maker

Information Type


Phase of Diffusion


Technology Class


Clinical Category



SourceBase Supplier

Product Catalog


ICD 9/ICD 10






Publication History

​Published February 27, 2017

Who Should Read This

​Chief medical officer, Critical care, Health information management, Information technology, Nursing, Patient safety officer, Pharmacy, Risk manager

Related Resources