Data security you can count on

At Surescripts, we’re committed to increasing patient safety, lowering costs and ensuring quality care—and that starts with our network. We set rigorous standards for ourselves and our Network Alliance partners to foster a secure, trusted environment. Our certifications and accreditations help ensure that all the patient information that crosses our network is exceptionally well protected.


HITRUST Certified Status

HITRUST CSF Certified status demonstrates that key platforms within Surescripts solutions and their supporting infrastructure have met key regulations and industry-defined requirements and are appropriately managing risk. Surescripts met more than 300 requirements in pursuit of HITRUST CSF Certified status.

Surescripts CPS

Surescripts Certification Practice Statement

Surescripts Certification Practice Statement is a publicly available document describing our certificate practices and policies. This is a requirement of the Webtrust for Certification Authorities but also extends the transparency of our certification practices publicly. Surescripts conducts operations as a Certificate Authority, Registration Authority, and issues digital certificates in support of numerous Surescripts products including DirectTrust related products and mutually authenticated Transport Layer Security (TLS) connections to customers.


Electronic Healthcare Network Accreditation Commission

Founded in 1993, the Electronic Healthcare Network Accreditation Commission (EHNAC) is an independent, federally recognized, standards development organization and non-profit accrediting body designed to improve transactional quality, operational efficiency and data security in healthcare. Surescripts participates in the EHNAC accreditation program to demonstrate its commitment to quality in all aspects of its healthcare technology. The EHNAC Vision states “EHNAC is the premier accreditation authority promoting standards that support interoperability, stakeholder trust, regulatory compliance, quality service, innovation, and open competition within the healthcare industry.”

1198 3 Certification and Accred DirectTrust

Compliance with DirectTrust

DirectTrust accreditations show compliance with DirectTrust which connects a vast network of our connected partners utilizing Direct Messaging technologies using the Direct Standard. Surescripts is accredited for its Health Information Service Provider (HISP), Registration Authority (RA), Certificate Authority (CA) and Privacy & Security operations in support of DirectTrust messaging for Clinical Direct Messaging and related customer solutions.

AICPA SOC2 Type2 Image

SOC 2 Type II

Surescripts participates in an annual Service Organization Controls (SOC) 2 type II report, issued by an independent American Institute of CPAs (AICPA) audit firm, which assesses Surescripts’ service organization’s solutions and the suitability of the design and operating effectiveness of controls and compliance with the three trust principles: security, availability and confidentiality.