We are dedicated to a high value network. Here are some of the certifications and accreditations we’ve achieved to help ensure security and trust.

ehnac hitrust_highreslogo


HITRUST CSF Certified status demonstrates that key platforms within Surescripts Enhance Prescribing and Inform Care Decisions solution structures and their supporting infrastructure have met key regulations and industry-defined requirements and are appropriately managing risk. Surescripts met more than 300 requirements in pursuit of HITRUST CSF Certified status. These include technical and process elements set forth by HIPAA, ISO, the National Institute of Standards and Technology (NIST) and Control Objectives for Information and Related Technologies (COBIT). The following platforms are included in the HITRUST CSF certification: E-Prescribing, Electronic Prescribing of Controlled Substances (EPCS), Electronic Prior Authorization, Real-Time Prescription Benefit, Medication History for Reconciliation, Insights for Medication Adherence and Medication History for Populations. This achievement places Surescripts in an elite group of organizations worldwide that have earned this certification. By including federal and state regulations, standards and frameworks, and incorporating a risk-based approach, the HITRUST CSF helps organizations address these challenges through a comprehensive and flexible framework of prescriptive and scalable security controls. Learn more here.


A variety of factors have combined to make trust of Certificate Authorities and Digital Certificates an issue. Factors such as globalization, the anonymity of e-commerce, and an increasing reliance on complex and powerful IT systems have caused concerns among business customers and partners leading to a decline in trust. These issues are addressed with the services provided by practitioners using the Trust Services framework. Webtrust certification requires successfully passing an independent auditors evaluation of compliance to “WebTrustSM/TM Principles and Criteria for Certification Authorities – SSL Baseline with Network Security – Version 2.0” More information can be found at WebTrust.org.

Surescripts CPS

Surescripts Certificate Practices Statement is a publicly available document describing our certificate practices and policies.  This is a requirement of our Webtrust Certification but extends the transparency of our certificate practices publically.  Surescripts conducts operations as a Certificate Authority, Registration Authority, and issues digital certificates in support numerous Surescripts products including EHNAC/DirectTrust related products and mutually authenticated TLS connections to customers. View CPS


Founded in 1993, the Electronic Healthcare Network Accreditation Commission (EHNAC) is an independent, federally recognized, standards development organization and non-profit accrediting body designed to improve transactional quality, operational efficiency and data security in healthcare. Surescripts participates in the EHNAC accreditation program to demonstrate its commitment to quality in all aspects of its healthcare technology. The EHNAC Vision states “EHNAC is the premier accreditation authority promoting standards that support interoperability, stakeholder trust, regulatory compliance, quality service, innovation, and open competition within the healthcare industry.” In addition, these accreditations show compliance with DirectTrust which connects a vast network of our connected partners utilizing Direct Messaging technologies. View the accreditation letter here

ISO 27001

Surescripts leverages best practices in Information Security to demonstrate to our customers the attention we devote to keeping our customers information secure.  Surescripts has been ISO 27001 certified since 2013 and has recently recertified in the new ISO 27001 Certificate.  What is ISO 27001? ISO/IEC 27001 is an International Standard that defines requirements for an information security management system (ISMS) which requires a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes and IT systems by applying a risk management process.  Organizations are certified compliant by an independent and accredited certification body on successful completion of a formal compliance audit. More information can be found via http://www.iso.org/iso/home/standards/management-standards/iso27001.htm.

Surescript’s accreditations can be seen at https://www.ehnac.org/accredited-organizations/