Certifications And Accreditations

Surescripts is dedicated to a secure, trusted, high value network.

accredidations_03112021 hitrust_logo AICPA_SOC_2_TYPE_II_logo


HITRUST CSF Certified status demonstrates that key platforms within Surescripts Enhance Prescribing and Inform Care Decisions solution structures and their supporting infrastructure have met key regulations and industry-defined requirements and are appropriately managing risk. Surescripts met more than 300 requirements in pursuit of HITRUST CSF Certified status. These include technical and process elements set forth by HIPAA, ISO, the National Institute of Standards and Technology (NIST) and Control Objectives for Information and Related Technologies (COBIT). The following platforms are included in the HITRUST CSF certification: E-Prescribing, Electronic Prescribing of Controlled Substances (EPCS), Electronic Prior Authorization, Real-Time Prescription Benefit, Medication History for Reconciliation, Insights for Medication Adherence and Medication History for Populations. This achievement places Surescripts in an elite group of organizations worldwide that have earned this certification. By including federal and state regulations, standards and frameworks, and incorporating a risk-based approach, the HITRUST CSF helps organizations address these challenges through a comprehensive and flexible framework of prescriptive and scalable security controls.

Surescripts CPS

Surescripts Certificate Practices Statement is a publicly available document describing our certificate practices and policies.  This is a requirement of the Webtrust for Certification Authorities but also extends the transparency of our certification practices publicly.  Surescripts conducts operations as a Certificate Authority, Registration Authority, and issues digital certificates in support numerous Surescripts products including DirectTrust related products and mutually authenticated TLS connections to customers.


Founded in 1993, the Electronic Healthcare Network Accreditation Commission (EHNAC) is an independent, federally recognized, standards development organization and non-profit accrediting body designed to improve transactional quality, operational efficiency and data security in healthcare. Surescripts participates in the EHNAC accreditation program to demonstrate its commitment to quality in all aspects of its healthcare technology. The EHNAC Vision states “EHNAC is the premier accreditation authority promoting standards that support interoperability, stakeholder trust, regulatory compliance, quality service, innovation, and open competition within the healthcare industry.”


DirectTrust accreditations show compliance with DirectTrust which connects a vast network of our connected partners utilizing Direct Messaging technologies using the Direct Standard. Surescripts is accredited for its Health Information Service Provider (HISP), Registration Authority (RA) and Certificate Authority (CA) operations in support of DirectTrust messaging for Clinical Direct Messaging and related customer solutions


Surescripts participates in an annual SOC 2 type 2 report, issued by an independent AICPA audit firm, which assesses Surescripts’ service organization’s solutions and the suitability of the design and operating effectiveness of controls and compliance with the three trust principles: Security, Availability, and Confidentiality.