Surescripts understands the importance of respecting the privacy
and confidentiality of personal health information. Surescripts
gives healthcare providers secure, electronic access to
prescription information that can save their patients' lives and
reduce the cost of healthcare for all. Available during emergencies
or routine care, the Surescripts network is used by authorized
prescribers nationwide to exchange health information and prescribe
without paper. Surescripts handles personal health information in
connection with activities undertaken to fulfill this mission. This
personal health information.
HOW SURESCRIPTS HANDLES PERSONAL HEALTH INFORMATION
How the Surescripts network is used. Surescripts provides various services to prescribers and pharmacists who connect to its network. Core services include Prescription Benefit, Prescription History, and Prescription Routing services:
- Prescription Benefit service. The Prescription Benefit service allows prescribers to gain ready access to formularies and other benefits information so they may make more informed clinical decisions. To provide this service, Surescripts works with pharmacy benefit managers and payers (like HMOs and other insurers) to offer prescribers access to their patients' drug benefit information in real time during office visits.
- Medication History service. The Medication History service allows prescribers and pharmacists to use the Surescripts network to access a patient's medication history across providers, at the point of care. This service can be used in the course of providing routine care, as well as during emergencies (like natural disasters). In both cases, Medication History enables health care providers to make a more informed clinical decision. To provide this service, Surescripts securely connects to a patient's medication history data stored in the databases of community pharmacies and pharmacy benefit managers. Surescripts then presents that data to prescribers through software from a certified vendor. Surescripts requires patient consent as part of the process a prescriber must go through each time they electronically access a patient's medication history. If a request for medication history is sent to Surescripts and the patient consent flag is not set, Surescripts rejects the request.
- Prescription Routing service. The Prescription Routing service allows pharmacies and prescribers to exchange prescription information electronically, for both new prescriptions and refills. The Prescription Routing service also allows for the exchange of prescription information for refills. Physicians desiring paperless prescribing may opt for the full Prescription Routing service, while those preferring to write new prescriptions by hand but transmit and respond to refill requests electronically may opt for renewals part of the Prescription Routing service. Surescripts makes this service available by providing a secure and reliable connection between prescriber computers and pharmacy computers.
How the Surescripts network is not used.
Surescripts does not mine personal health information available via
the Surescripts network, either for Surescripts' own purposes or
for the purposes of third parties. Surescripts does not rent or
sell personal health information available via the Surescripts
network. Surescripts also has taken steps to prevent third parties
from using the system to influence physician prescribing decisions
inappropriately. Similarly, Surescripts has implemented procedures
designed to respect a patient's pharmacy choice. Physicians
connecting to the Surescripts network will not receive commercial
messaging (like advertisements from pharmaceutical companies or
other third parties) at the point of care. All prescribing
applications certified to connect to the Surescripts network are
required to abide by these rules, and only technology companies
that agree with this philosophy are allowed to connect.
The Surescripts network. Surescripts has, on limited occasion, at the request and with the authorization of connected Covered Entities, made data available to public health authorities and IRB authorized researchers in accordance with applicable law.
How Surescripts safeguards personal health information. Maintaining the privacy and security of personal health information maintained, transmitted, or otherwise made available via the Surescripts network is vitally important to us. Surescripts has implemented appropriate privacy safeguards to prevent unlawful use or disclosure of personal health information. Surescripts has implemented administrative, physical, and technical security safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the electronic personal health information that it receives, maintains, or transmits. Examples of these safeguards include:
- Vendor certification process. Prescribers, pharmacies, and PBMs may only connect to the Surescripts network if they use software or systems that have been certified by Surescripts. Surescripts works with technology vendors to certify their products for connection to the Surescripts network. This process promotes a vendors ability to send and receive supported electronic messages, and that the solution is providing open choice for medication selection and dispensing location. This process also promotes that the technology systems work in accordance with industry-accepted standards for the electronic exchange of prescription data between physicians and pharmacies. Once a vendor completes the process, it is added to the list of certified vendors that the Surescripts maintains and make available to physicians and pharmacies.
- Use of appropriate technologies. Surescripts and those who connect to the network use secure connections in accordance with applicable law and industry standards.
- Audits. Recurring security audits of the system are performed by independent auditing entities.
EHNAC Accreditation. Surescripts is accredited by the Electronic Healthcare Network Accreditation Commission ("EHNAC"), which is a nationally recognized nonprofit accrediting agency that provides independent peer evaluation of an organization's ability to perform at industry-established levels within the healthcare electronic network industry.
Chief Privacy Officer
2800 Crystal Dr
Arlington, VA 22202