Surescripts pioneered the electronic exchange of health information between doctors, pharmacy benefit managers (PBMs), and pharmacies. Every day, healthcare providers and electronic health records (EHR) companies across the country trust Surescripts to securely share clinical and medication information on behalf of patients – a role we take very seriously.

Why is securing patient health information important to Surescripts?
Patient health information is sensitive, personal information. It is intended for use in specific care settings and by specific users, who rely on this information to ensure quality patient care. Trust in the digital transfer of health information will drive broader adoption and better data quality for the benefit of every pharmacist, doctor, and patient.

How does Surescripts ensure the security of patient information?
Our philosophy is “defense in depth” meaning that we have multiple overlapping safeguards to better defend against many different types of threats and attacks. Our safeguards include administrative, physical and technical steps to protect the confidentiality and integrity of the patient information we share among healthcare professionals.


The information that crosses the Surescripts network is critical to patient care, so it's important that we maintain extremely high levels of privacy and security. Our network infrastructure was built to manage security and privacy risks at all levels. Combined with the strong network governance we’ve established over the past two decades, our privacy and security safeguards establish the conditions needed for interoperability to thrive.

  • Surescripts protects the privacy and security of personal health information in accordance with applicable data protection laws, including HIPAA.
  • Our contractual agreements include strict privacy and security requirements to prevent unlawful use or disclosure of personal health information.
  • Surescripts ensures HIPAA compliance and network security with continuous real-time monitoring and a security infrastructure designed for high-transaction-rate auditing.
  • Recurring security audits are performed by independent auditing entities to maintain the integrity of the Surescripts network and provide peace of mind to patients and those who care for them.


The Surescripts Network Alliance is governed by a web of contractual chains of trust and governance, certification and implementation requirements, ongoing compliance and enforcement activities and continued flexibility and responsiveness to industry needs.

Through the network governance we’ve established over the past two decades—and the thousands of legal agreements and partnerships we manage—we’re successfully enabling interoperability and high-quality communications across the Surescripts Network Alliance.


Surescripts is certified and accredited by a number of leading security and privacy organizations and standards bodies, including HITRUST, the Electronic Healthcare Network Accreditation Commission (EHNAC) and Webtrust. These are nationally recognized organizations that provide independent peer evaluation of an organization's ability to perform at industry-established levels within the healthcare electronic network industry.

Surescripts participates in an annual SOC 2 type 2 report, issued by an independent AICPA audit firm, which assesses Surescripts’ service organization’s solutions and the suitability of the design and operating effectiveness of controls and compliance with the three trust principles: Security, Availability, and Confidentiality.

ehnac logo hitrust_logo AICPA_SOC_2_TYPE_II_logo


See what it takes to build the nation’s most trusted and capable health information network.

Read Article
5952_400x700_IIA article Interoperability Building Blocks - feature graphic_FNL

The Trust Series: A Critical Part of Today's Healthcare

What happens without trust in today's healthcare? Learn from experts on the importance of trust, protecting patient data and the multi-layered trust fabric that secures the Surescripts network.