Network integrity

Here’s how we continuously protect and improve the access, security and performance of the Surescripts network and the data it carries.

Our commitment

We’re committed to being a trustworthy partner in simplifying intelligence sharing with all participants in the Surescripts Network Alliance®.

All of our solutions rest on the power of the Surescripts Network Alliance and our network itself, which is built to maintain industry-leading reliability, security and scalability.

Our Network Integrity Framework continuously protects and improves the access, security and performance of our network and the data it carries.

Using our unique central sightline into network activity at scale, we proactively safeguard the Network Alliance. We monitor activity and take action when needed, working to uphold our commitments to our partners.

Network Integrity Framework

Our Network Integrity Framework guides us in managing access to the Surescripts network, enforcing rigorous security standards and continuously raising the bar for content accuracy and completeness.

The success of these areas is made possible by our dedication to compliance. Our risk-responsive Corporate Compliance Program, whose framework is inspired by the principles of the Office of Inspector General for U.S. Department of Health and Human Services’ compliance program guidance, is tailored to our organization’s compliance risks and business model to encourage our continued adherence to all relevant federal and state laws and regulations. Our program is designed to prevent, detect, and correct legal and regulatory noncompliance and ethical violations across our organization.


We manage access to our network and transmit only the data needed for agreed-upon use cases.


We set rigorous standards for ourselves and for our Network Alliance partners, fostering an environment that’s ever more secure.


We continuously raise the bar for content accuracy and completeness, working with our Network Alliance partners to improve the reliability and usability of the network.

What is Surescripts?

Find out how Surescripts makes it possible to safely and securely exchange health information nationwide.

Our Code of Conduct

Surescripts is committed to creating and maintaining a culture that reinforces and practices the highest ethical principles. This Code of Conduct applies to all Surescripts board members, employees, and, where applicable, contractors.

Learn more


What is Surescripts doing to improve prescription accuracy?

The Surescripts Network Alliance continuously works to improve data quality for the benefit of every pharmacist, prescriber and patient.

Surescripts Sentinel® is an automated system that measures the accuracy of the billions of electronic prescriptions processed by Surescripts each year. We've improved our network-wide Quality Index Score for electronic prescriptions by more than 80% since 2016. The Surescripts White Coat Award™ recognizes EHRs, health systems and pharmacy industry leaders that have taken meaningful steps to improve e-prescription accuracy.

See our Intelligence in Action portal for updates on our work to improve prescription accuracy.

What is the Surescripts Performance Optimization program?

Our Performance Optimization program regularly convenes hundreds of stakeholders from across the Surescripts Network Alliance to identify and implement solutions for some of the most pressing e-prescribing pain points. Program initiatives include prescription accuracy, process improvements, adoption acceleration and directory integrity.

Who participates in the Performance Optimization program?

We regularly convene more than 200 stakeholders from across the Surescripts Network Alliance to identify, plan and execute 11 critical performance improvements to enhance patient safety and workflow efficiency.

What information does Surescripts store?

Surescripts stores basic demographic information, provided by healthcare providers, for purposes of patient matching and identification. Patient demographics include:

  • Patient ID/Medical Record Number
  • Patient name: first, middle, last, prefix, suffix
  • Patient address line 1 & 2
  • Patient city, state, zip
  • Patient date of birth
  • Patient gender

If a patient has chosen to opt out of Surescripts Record Locator & Exchange, this demographic information will still be stored in the Surescripts database in order to ensure information is not exchanged.

Surescripts does not store clinical records. Clinical records are stored and maintained by healthcare providers. Surescripts simply provides secure electronic transmission of records between providers. To learn more about how Surescripts protects and uses information, please visit our Privacy Policy and Terms of Use.

What steps does Surescripts take to ensure patient privacy and security?

During the admission process, patient consent and HIPAA notification are standard processes, especially for purposes of treatment, healthcare operations, or payment. All queries and responses are made automatically through secured system to system communications. The response is returned to a patient record in a clinical setting and role based security determines which personnel have access to the information. Surescripts also contractually requires all certified software vendors to follow local, state and federal level privacy and security requirements.

Is Surescripts HIPAA compliant?

Surescripts is a HIPAA Business Associate and must comply with HIPAA standards. At Surescripts, we are committed to respecting patients' rights to maintain the privacy of their health information and ensuring appropriate security of all protected health information.

How does Surescripts safeguard personal health information?

Protecting the security and confidentiality of personal health information is of extreme importance to Surescripts. To read how we go about this, check out our privacy policy.

What is identity proofing?

Identity proofing, also known as ID proofing, is the process of verifying that a person is who he or she claims to be. ID proofing is a common practice across industries, including such common tasks as renewing a driver's license, securing new employment, or opening a bank account. Identity proofing, including both in-person and remote ID proofing, is critically important as the first step for the secure electronic exchange of health information.

There are a number of reasons EHR vendors and aggregators should ensure the identity of their customers:

  • Growing public concern regarding privacy and security of personal health information
  • Industry best practices for information security
  • Refusal by business partners to conduct business
  • Legal implications under federal and state laws
  • Possible breach of contract liability and suspension of services under a connectivity agreement with Surescripts