Back to Resources

Surescripts® Prior Authorization Portal Frequently Asked Questions (FAQs)

​​​​These FAQs were developed to answer questions about the transition from CoverMyMeds to the Surescripts Prior Authorization Portal (Surescripts) for electronic prior authorizations (ePA), effective August 1, 2025.

General

  1. When will CoverMyMeds no longer be accepted for Independence Blue Cross (IBX) members?
    Effective August 1, 2025, CoverMyMed​s will no longer be accepted for IBX members.

  2. What platform should be used for ePA processing for IBX members after August 1, 2025?
    IBX is now using Surescripts Integrated ePA Solutions (Surescripts). All ePAs for IBX members must now be submitted through Surescripts. Surescripts is a secure online platform that enables prescribers and their staff to electronically submit and manage prescription prior authorization requests with insurance companies. See question 6 for information on how to register.

  3. What should I do if I'm having issues with the verification process?
    If you need help signing up for Surescripts, you can submit a ticket or call 1-866-797-3239, Monday through Friday, 8 a.m. to 8 p.m., E T.

  4. Does Surescripts protect patient information and comply with the Health Insurance Portability and Accountability Act (HIPAA)?
    Yes. Surescripts securely transmits personal health information in compliance with HIPAA and the stringent privacy and security requirements outlined in its contracts with health care organizations. It strictly controls access to its network, transmitting only the necessary data for agreed-upon use cases, and requires multifactor authentication for all users.

  5. What happens if submissions are made through CoverMyMeds after August 1, 2025?
    We stopped accepting ePA submissions through CoverMyMeds on August 1, 2025. If you try to use CoverMyMeds for an IBX member, you will receive information on registering and resubmitting your ePA using Surescripts. Please refer to the graphic below:

    25-0112_IBX_img_1_1.png

Creating and managing an account

  1. How do I create and register an account with Surescripts?
    2. To register navigate to the Surescripts portal and select Register. Choose your role type (either prescriber or delegate) and fill out the required Account Information fields. Review and accept the EULA Agreement. Once you reach the Account Creation Complete page, select Return to Sign In. If you do not receive a password, return to the Surescripts portal, click Sign In and then click Forgot Password. When prompted, enter your email, and you will receive a link to set your password. In addition to receiving this response, you may also receive a fax or direct message from Surescripts that contains a TRX code to complete a specific prior authorization.
  2. ​Can a provider have multiple delegates?
    ​​ Providers can have multiple delegates. Initially, however, each provider must register and complete a one-time ID verification process with CLEAR. After verification, the delegate can create their own account and then request to be connected to the provider. Additionally, providers can add delegates to their account, enabling their staff to initiate and process prior authorizations on their behalf. Delegates can also add other delegates to their account.

  3. Can a delegate be assigned to multiple providers, and if so, how does that work?
    Yes, a single delegate can be assigned to multiple providers. Delegates can effortlessly switch between providers by selecting Change Location under their name in the top right corner of the portal and then choosing the desired provider or location. Additionally, delegates can create a location group to view prior authorizations from multiple providers in one worklist. For detailed instructions, refer to Section 12 in Surescripts' Prior Authorization Portal User Guide.

  4. How are delegates added to a provider account?
    To add a delegate, log into the portal, click your name in the upper right corner, and select Location Management. Choose the appropriate location, go to the Delegates section, and enter the name and email address of the person you want to add as a delegate. Select Add. If the delegate already has an account, they will be automatically added as a delegate for that provider location. Otherwise, the delegate will receive an email invitation to register for the portal. Once the delegate has completed registration, they will be able to process prior authorizations on the prescriber's behalf from their own account.

  5. Can my health system create an account for providers?
    Your health system may have already submitted information directly to Surescripts for user registration and CLEAR bulk verifications. If so, you should have received an email confirming verification and the ability to use the Surescripts Prior Authorization Portal. If you have not received an email, please contact your health care administrator or health services manager.


Identity Verification

  1. What is CLEAR?
    CLEAR is a third-party identity verification service that verifies health care providers' identities for Surescripts, ensuring only authorized access to the network.

  2. CLEAR requests a government-issued ID as part of the verification process. Is this a privacy violation?No. It's important for providers and their delegates to understand that the verification process helps protect their data while submitting an ePA so that false ePAs cannot be submitted. 

  3. I'm a provider. How do I complete ID proofing with CLEAR?

    1. ​To verify your identity, make sure you have a smartphone with a camera and a government-issued ID (such as a driver's license or passport). Do not use a work phone number or a number associated with a company-issued mobile device.
    2. Log into the Prior Authorization Portal, click on your name in the upper right corner, and select ID Verification.
    3. Click Start Verification. You will receive an email with a link to the CLEAR website asking you to complete the ID verification process.
    4. Carefully follow the instructions in the email.
    5. Once you've completed ID verification, return to the Prior Authorization Portal (you may need to log in again).
    6. Go to the Identity Verification page, click Add Location, fill in the required fields, and click Submit.
    7. Once you've completed this process, you'll be assigned to the specified location. Now you can initiate prior authorizations.

  4. ​​I'm a delegate. How do I initiate ID proofing with CLEAR?

    1. To initiate ID proofing, inform the provider that they will need a smartphone with a camera and a government-issued ID. As noted above, be sure the provider uses their personal mobile device. It is also important that the address information on the government-issued ID be up to date.
    2. Log into the Prior Authorization Portal, click on your name in the upper right corner, and select ID Verification.
    3. Enter the provider's NPI and name. If an account has already been registered for this provider, you will receive an error, and the provider will need to follow the steps above to complete ID verification.
    4. The provider will receive an email to set a password for their account, but if they know you (their delegate) will handle all authorizations on their behalf, setting a password is not required.
    5. Click Start Verification and ask the provider to check their inbox for an email with a link to the CLEAR website, where they will need to follow the instructions to complete the ID verification process.
    6. Once the provider has successfully completed ID verification, return to the Prior Authorization Portal (you may need to log in again).
    7. Go to the Identity Verification page, click Add Location, fill in the required fields, and click Submit. Once you've successfully completed this process, you'll be assigned to the specified location as a delegate, and you can initiate prior authorizations on behalf of the provider.

  5. By giving personal information for verification, is my privacy at risk?
    No. You can learn more about CLEAR's relationship with Surescripts and the steps they've taken to protect the identities of patients and providers. Unlike other identity assurance level 2 (IAL2)-compliant solutions, which often require multiple documents and confusing steps, CLEAR verifies providers with a strong government-issued ID (uploaded only during the initial verification), facial biometrics, and back-end data corroboration. A quick selfie replaces the previous slow, error-prone, and multistep process. It's faster, simpler, and still meets the highest standards for security and NIST 800-63-3 IAL2 compliance. CLEAR support should be utilized if there are issues during the identity proofing process.

Multifactor authentication​

  1. ​What is multifactor authentication (MFA)?
    MFA adds an extra layer of security when logging in by requiring two or more ways to verify your identity, such as a password plus a code from your phone.

  2. Why is MFA required?
    MFA significantly enhances security, which is critical for protecting sensitive information like protected health information (PHI). It helps maintain compliance with regulations like HIPAA and adds a crucial layer of protection, making it much harder for unauthorized individuals to access secure systems.

  3. What multifactor authentication app should I use? Will I need to pay for it?
    You can use any app that supports time-based one-time passwords (TOTP). Go to the app store on your mobile device and search for “TOPT authentication," and you will find several options that are free to download and use on your smartphone. Some popular TOTP apps include Google Authenticator, Microsoft Authenticator, and Duo. You should not need to pay for an MFA app. Be sure you are downloading a reputable TOTP application. If your TOTP app has ads or requests payment, delete the app and download a different one.

  4. Do I need to have my personal cell phone for MFA?
    If you don't always have your mobile device for MFA, you can use a token system supported by TOTP, provided your health system is compatible.

  5. Can the CLEAR process requirements for MFA be modified?
    The CLEAR process requirements for MFA cannot be modified. The setup steps are outlined below.

    • One-time setup: Prescribers complete the verification once and can reuse their identity across the Surescripts network.
    • Biometric authentication: Includes a selfie and submission of a government-issued ID.
    • Source corroboration: CLEAR verifies the ID against authoritative sources to confirm authenticity.
    • Reusable digital identity: Once verified, the identity can be used for future logins and other secure actions.
    • Session duration for MFA: After successful multi-factor authentication, the session remains active for 10 hours before requiring re-authentication.