Overview

Committed to network integrity

Our Network Integrity Framework guides us in managing access to the Surescripts network, enforcing rigorous security standards and continuously raising the bar for content accuracy and completeness.

The success of these areas is made possible by our dedication to compliance. Our risk-responsive Corporate Compliance Program, whose framework is inspired by the principles of the Office of Inspector General for U.S. Department of Health and Human Services’ compliance program guidance, is tailored to our organization’s compliance risks and business model to encourage our continued adherence to all relevant federal and state laws and regulations. Our program is designed to prevent, detect, and correct legal and regulatory noncompliance and ethical violations across our organization.

Network Integrity Framework

Safeguarding the Surescripts Network Alliance

controlled access

Access

We manage access to our network and transmit only the data needed for agreed-upon use cases.

Network access

Our Network Access Management program verifies that customers are accessing and using the Surescripts network in accordance with the agreed-upon use cases and guardrails in their contracts.

Misuse detection

Machine learning helps identify potential product misuse in near real time.

HIPAA compliance

Surescripts protects the privacy of personal health information on our network in accordance with applicable data protection laws, including HIPAA.

Privileges policy

We employ a rigorous network access privileges policy and vet use cases to protect data and enable network users to access and transmit data appropriately.

industry leading security

Security

We set rigorous standards for ourselves and for our Network Alliance partners, fostering an environment that’s ever more secure.

Certifications

Surescripts is certified and accredited by leading security and privacy organizations and standards, including HITRUST, the Electronic Healthcare Network Accreditation Commission (EHNAC) and DirectTrust.

Identity proofing

Rigorous identity-proofing protocols help protect patient data.

Security program

Administrative, physical and technical safeguards protect the integrity of the personal health information on our network, aided by an extensive vendor certification process and recurring audits.

Security audits

An annual SOC 2 type 2 report from an independent audit firm assesses the design and effectiveness of our controls and compliance with three principles: security, availability and confidentiality.

performance

Performance

We continuously raise the bar for content accuracy and completeness, investing in programs and working across the Network Alliance to improve the reliability and usability of the network.

Performance Optimization

Our Performance Optimization program convenes stakeholders from across the Network Alliance to continually boost data accuracy and completeness. Our networkwide Quality Index Score has improved more than 200% since 2016.1

 

Prescription accuracy monitoring

Our automated system measures the accuracy of the billions of electronic prescriptions processed by Surescripts each year.

Superior availability

Multiple data centers around the country along with rigorous technical and operational standards enable the Surescripts network to operate with 99.99% uptime.

Performance reporting

We measure and share dimensions of performance so that we and our partners can spot issues, set ambitious goals and keep optimizing.

Surescripts Completes Settlement with Federal Trade Commission

As of July 27, 2023, Surescripts has agreed to settlement terms with the Federal Trade Commission (FTC), constituting the completion of all issues raised in the complaint brought by the FTC in early 2019. Read the news release, letter to our customers and the Stipulated Order to learn more.

Patient Privacy

Putting patient privacy first

The Surescripts network is built to protect privacy and confidentiality. We transmit personal health information in accordance with HIPAA and the strict privacy and security requirements in our contractual agreements with Network Alliance partners.

Why it Matters

A network built to advance your goals

  • Chain pharmacies
  • EHR vendors
  • Healthcare analytics vendors
  • Health plans
  • Health systems
  • Long term post acute care
  • Patient access vendors
  • PBMs
  • Pharmacy technology vendors
  • Specialty pharmacies
chain pharmacies

Deliver prompt, safe, affordable care

The Surescripts Network Integrity Framework sets the highest standard yet for the security of our network and the quality of our products—all while maintaining high regulatory compliance standards. Working with you and other Network Alliance participants, we’re continually raising the bar for access, security and performance across our network. It’s a key part of how we’re helping you deliver safer care promptly, at prices patients can afford.

ehrs

Expedite access to reliable data

Providers need efficient access to reliable data for superior patient care, and our Network Integrity Framework helps ensure you can deliver that access. We’re working across the Surescripts Network Alliance to continually raise the bar for access, security and performance for our network and the data it carries. And our Corporate Compliance Program aligns our compliance standards with those of our EHR partners.

healthcare analytic vendors

Expedite access to reliable data

Population health teams need efficient access to reliable data for superior patient care, and our Network Integrity Framework helps ensure you can deliver that access. We’re working across the Surescripts Network Alliance to continually raise the bar for access, security and performance for our network and the data it carries. And our Corporate Compliance Program aligns our compliance standards with those of our healthcare analytics vendor partners.

health plans2x (1)

Reduce costs and improve member experience

With the Surescripts Network Integrity Framework, we’re setting the highest standard yet for the security of our network and the quality of our products. We monitor activity across the Surescripts Network Alliance, managing access and transmitting only the data needed for agreed-upon use cases. So while we continue to help you reduce costs and improve member experiences, we’re raising the bar higher than ever on access, security and performance—all while maintaining high regulatory compliance standards.

health systems

Deliver the best possible patient experience

The Surescripts Network Integrity Framework sets the highest standard yet for the quality of our products and the protection of patient data—all while maintaining high regulatory compliance standards. We’re working across the Surescripts Network Alliance to continually raise the bar for the performance of our network and protect the privacy of the personal health information it carries. It’s a key part of how we’re helping you increase efficiency and deliver the best possible patient experience.

long term post acute care

Expedite access to reliable data

Long-term & post-acute care providers need efficient access to reliable data for superior patient care, and our Network Integrity Framework helps ensure you can deliver that access. We’re working across the Surescripts Network Alliance to continually raise the bar for access, security and performance for our network and the data it carries. And our Corporate Compliance Program aligns our compliance standards with those of our long-term & post-acute care partners.

patient access vendors2x (1)

Improve efficiency and the patient experience

The Surescripts Network Integrity Framework sets the highest standard yet for the quality of our products and the protection of patient data—all while maintaining high regulatory compliance standards. We’re working across the Surescripts Network Alliance to continually raise the bar for the performance of our network and protect the personal health information it carries. It’s a key part of how we’re helping you gain efficiency and build the best possible patient experience.

PBMs2x (1)

Share your insights securely

Through the Surescripts Network Integrity Framework, we’re working with you and across the Surescripts Network Alliance to continually improve access, security and performance for our network—bringing tight control to your data as we pass the expertise you’ve built along to those who need it to enhance prescribing and make informed care decisions.

pharmacy tech vendors

Supporting safe, affordable pharmacy care

Through the Surescripts Network Integrity Framework, we’re setting the highest standard yet for the security of our network and the quality of our products—all while maintaining high regulatory compliance standards. Working with you and other Network Alliance participants, we’re continually raising the bar for access, security and performance across our network. It’s a key part of how we’re helping your customers deliver safer care promptly, at prices patients can afford.

specialty pharmacies

Supporting safe, affordable pharmacy care

Through the Surescripts Network Integrity Framework, we’re setting the highest standard yet for the security of our network and the quality of our products—all while maintaining high regulatory compliance standards. Working with you and other Network Alliance participants, we’re continually raising the bar for access, security and performance across our network. It’s a key part of how we’re helping your customers deliver safer care promptly, at prices patients can afford.

FAQS

Your questions, answered

What is Surescripts doing to improve prescription accuracy?

The Surescripts Network Alliance continuously works to improve data quality for the benefit of every pharmacist, prescriber and patient. 

Our automated system measures the accuracy of the billions of electronic prescriptions processed by Surescripts each year. We've improved our network-wide Quality Index Score for electronic prescriptions by more than 200% since 2016. The Surescripts White Coat Award™ recognizes EHRs, health systems and pharmacy industry leaders that have taken meaningful steps to improve e-prescription accuracy. See our Insights section for updates on our work to improve prescription accuracy.

What is the Surescripts Performance Optimization program?

Our Performance Optimization program regularly convenes hundreds of stakeholders from across the Surescripts Network Alliance to identify and implement solutions for some of the most pressing e-prescribing pain points. Program initiatives include prescription accuracy, process improvements, adoption acceleration and directory integrity.

Who participates in the Performance Optimization program?

We regularly convene more than 200 stakeholders from across the Surescripts Network Alliance to identify, plan and execute critical performance improvements to enhance patient safety and workflow efficiency.

What information does Surescripts store?

Surescripts stores basic demographic information, provided by healthcare providers, for purposes of patient matching and dentification. 

  • Patient demographics include:
  • Patient ID/Medical Record Number
  • Patient name: first, middle, last, prefix, suffix
  • Patient address line 1 & 2
  • Patient city, state, zip
  • Patient date of birth
  • Patient gender 

If a patient has chosen to opt out of Surescripts Record Locator & Exchange, this demographic information will still be stored in the Surescripts database in order to ensure information is not exchanged. 

Surescripts does not store clinical records. Clinical records are stored and maintained by healthcare providers. Surescripts simply provides secure electronic transmission of records between providers. To learn more about how Surescripts protects and uses information, please visit our Privacy Notice  and Website User Agreement.

 

What steps does Surescripts take to ensure patient privacy and security?

During the admission process, patient consent and HIPAA notification are standard processes, especially for purposes of treatment, healthcare operations, or payment. All queries and responses are made automatically through secured system to system communications. The response is returned to a patient record in a clinical setting and role based security determines which personnel have access to the information. Surescripts also contractually requires all certified software vendors to follow local, state and federal level privacy and security requirements.

Is Surescripts HIPAA compliant?

Surescripts is a HIPAA Business Associate and must comply with HIPAA standards. At Surescripts, we are committed to respecting patients' rights to maintain the privacy of their health information and ensuring appropriate security of all protected health information.

How does Surescripts safeguard personal health information?

Protecting the security and confidentiality of personal health information is of extreme importance to Surescripts. To read how we go about this, check out our privacy notice.

What is identity proofing?

Identity proofing, also known as ID proofing, is the process of verifying that people are who they claim to be. ID proofing is a common practice across industries, including such common tasks as renewing a driver's license, securing new employment, or opening a bank account. Identity proofing, including both in- person and remote ID proofing, is critically important as the first step for the secure electronic exchange of health information.

There are a number of reasons EHR vendors and aggregators should ensure the identity of their customers:

  • Growing public concern regarding privacy and security of personal health information
  • Industry best practices for information security
  • Refusal by business partners to conduct business
  • Legal implications under federal and state laws

Possible breach of contract liability and suspension of services under a connectivity agreement with Surescripts

Insights

Keep pace with healthcare innovation

Footnotes:
  1. Surescripts' Quality Index Score measures the effective use of key elements of electronic prescriptions, such as Drug Description, Days Supply, and Potency Unit Code. Surescripts, "2019 National Progress Report,” April 2020, and "2022 National Progress Report", March 2023.
Read More