Surescripts understands the importance of respecting the privacy and confidentiality of personal health information. Surescripts gives healthcare providers secure, electronic access to prescription information that can save their patients' lives and reduce the cost of healthcare for all. Available during emergencies or routine care, the Surescripts network is used by authorized prescribers nationwide to exchange health information and prescribe without paper. Surescripts handles personal health information in connection with activities undertaken to fulfill this mission. This privacy policy ("Privacy Policy") describes how Surescripts handles personal health information.


Surescripts operates a network to allow for the secure and reliable movement of electronic clinical health information between different health information systems while maintaining the meaning of the information being exchanged. Through the Surescripts network, authorized prescribers and pharmacies can gain access to prescription information and related information for use in providing clinical care to patients. This Privacy Policy explains how Surescripts handles personal health information maintained, transmitted, and otherwise made available by Surescripts via its network.

How the Surescripts network is used. Surescripts provides various services to prescribers and pharmacists who connect to its network. Core services include Prescription Benefit, Prescription History, and Prescription Routing services:

  • Prescription Benefit service. The Prescription Benefit service allows prescribers to gain ready access to formularies and other benefits information so they may make more informed clinical decisions. To provide this service, Surescripts works with pharmacy benefit managers and payers (like HMOs and other insurers) to offer prescribers access to their patients' drug benefit information in real time during office visits.
  • Medication History service. The Medication History service allows prescribers and pharmacists to use the Surescripts network to access a patient's medication history across providers, at the point of care. This service can be used in the course of providing routine care, as well as during emergencies (like natural disasters). In both cases, Medication History enables health care providers to make a more informed clinical decision. To provide this service, Surescripts securely connects to a patient's medication history data stored in the databases of community pharmacies and pharmacy benefit managers. Surescripts then presents that data to prescribers through software from a certified vendor. Surescripts requires that a prescriber obtain all necessary patient consents, including those required by all applicable federal and state laws and regulations, prior to electronically accessing a patient's medication history.
  • Prescription Routing service. The Prescription Routing service allows pharmacies and prescribers to exchange prescription information electronically, for both new prescriptions and refills. The Prescription Routing service also allows for the exchange of prescription information for refills. Physicians desiring paperless prescribing may opt for the full Prescription Routing service, while those preferring to write new prescriptions by hand but transmit and respond to refill requests electronically may opt for renewals part of the Prescription Routing service. Surescripts makes this service available by providing a secure and reliable connection between prescriber computers and pharmacy computers.
  • National Record Locator Service. The National Record Locator Service (NRLS) allows health care providers to see where a patient may have previously  received care and to retrieve certain clinical records from those locations for treatment-related purposes. When a provider requests information about a patient’s previous locations of care though NRLS, the Service uses a Master Patient Index of participating patients to identify the patient’s previous care locations using Medication History data and Prescription Routing transactions previously sent via the Surescripts’ network. The requesting provider will receive a list of the patient’s past care locations and can then request records from those past care locations.  NRLS can also facilitate the electronic  retrieval of patient records from the past care locations on behalf of the requesting provider. Surescripts requires that the requesting provider obtain all necessary patient consents, including those required by all applicable federal and state laws and regulations, prior to requesting information through NRLS.  Surescripts also permits patients to opt out of participating in the NRLS system; requests to opt out should be directed to the patient’s health care provider.

How the Surescripts network is not used. Surescripts does not mine personal health information available via the Surescripts network, either for Surescripts' own purposes or for the purposes of third parties. Surescripts does not rent or sell personal health information available via the Surescripts network. Surescripts also has taken steps to prevent third parties from using the system to influence physician prescribing decisions inappropriately. Similarly, Surescripts has implemented procedures designed to respect a patient's pharmacy choice. Physicians connecting to the Surescripts network will not receive commercial messaging (like advertisements from pharmaceutical companies or other third parties) at the point of care. All prescribing applications certified to connect to the Surescripts network are required to abide by these rules, and only technology companies that agree with this philosophy are allowed to connect.

The Surescripts network. Surescripts has, on limited occasion, at the request and with the authorization of connected Covered Entities, made data available to public health authorities and IRB authorized researchers in accordance with applicable law.

How Surescripts safeguards personal health information. Maintaining the privacy and security of personal health information maintained, transmitted, or otherwise made available via the Surescripts network is vitally important to us. Surescripts has implemented appropriate privacy safeguards to prevent unlawful use or disclosure of personal health information. Surescripts has implemented administrative, physical, and technical security safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the electronic personal health information that it receives, maintains, or transmits. Examples of these safeguards include:

  • Vendor certification process. Prescribers, pharmacies, and PBMs may only connect to the Surescripts network if they use software or systems that have been certified by Surescripts. Surescripts works with technology vendors to certify their products for connection to the Surescripts network. This process promotes a vendors ability to send and receive supported electronic messages, and that the solution is providing open choice for medication selection and dispensing location. This process also promotes that the technology systems work in accordance with industry-accepted standards for the electronic exchange of prescription data between physicians and pharmacies. Once a vendor completes the process, it is added to the list of certified vendors that the Surescripts maintains and make available to physicians and pharmacies.
  • Use of appropriate technologies. Surescripts and those who connect to the network use secure connections in accordance with applicable law and industry standards.
  • Audits. Recurring security audits of the system are performed by independent auditing entities.

EHNAC Accreditation. Surescripts is accredited by the Electronic Healthcare Network Accreditation Commission ("EHNAC"), which is a nationally recognized nonprofit accrediting agency that provides independent peer evaluation of an organization's ability to perform at industry-established levels within the healthcare electronic network industry.


If you have any questions, comments or concerns about this Privacy Policy or Surescripts' handling of personal health information, please contact us at:

Chief Privacy Officer 
Surescripts, LLC 
2800 Crystal Dr 
Arlington, VA 22202 

Chief Information Security Officer
Surescripts, LLC
920 2nd Avenue South
Minneapolis, MN 55402