Health data security
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ...
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
Health information security and privacy are Health Gorilla's most fundamental values.
Our increased investments in data security, privacy, and governance led to Health Gorilla's designation as one of the first Qualified Health Information Networks under the Trusted Exchange Framework and Common Agreement, the federally endorsed framework for national data exchange.
Top Shelf Data Security
HITRUST R2
We’re HITRUST R2 certified, which means that we successfully manage cybersecurity risks by exceeding industry-defined information security requirements.
SOC 2 Type 2
SOC 2 Type 2 is a stamp of approval on our controls relevant to data security, availability, processing, integrity, confidentiality, and privacy.
HIPAA
Complying with applicable health data laws, including HIPAA, is ingrained in our culture, processes, and staff training.
We’re committed to protecting patient data.
Our platform contains innovative technologies designed to minimize how much patient data we, or anyone else, can access from our network. We’ve invented powerful security features that help prevent anyone except the patient and their authorized provider from being able to access health information.
Intelligent Identity Resolution
We verify your identity to IAL2 (Identity Assurance Level 2) level standards as specified in NIST Special Publication 800-63A. This is one of the highest forms of personal verification to ensure that nobody other than you can access and control your health data.
Safety Check
Safety Check ensures that clinical documents coming from different sources are always matched to the right patient in our system, minimizing risks to patient safety. Leveraging a proprietary, state-of-the-art Master Patient Index, we’re constantly monitoring the flow of documents to ensure accurate patient matching.
Access Guard
With Health Gorilla, there are only 2 parties that can access health data – patients and their authorized healthcare provider. We have a robust authentication system to ensure that providers retrieving data from our network are who they say they are.
Secure Sharing
Share health data securely and seamlessly with care staff or other authorized users. Choose which data to share, including medications, vitals, labs, allergies, progress notes, and much more.
End-to-end Encryption
Health Gorilla keeps personal data protected with end-to-end encryption. Medical records are encrypted in transit and at rest, preventing unwanted third parties from accessing sensitive health data.
Tracking Defense
We never sell any health information to anyone, in any shape or form.
Secure Authentication
With Health Gorilla, your password is never kept on a web server, so you don’t have to worry about password leaks compromising your accounts. Passwords are end-to-end encrypted, and we protect user accounts through AAL2 compliant authentication standards, including Multi Factor Authentication.
Cloud Backup
Any patient health information retrieved through Health Gorilla is backed up on our secure cloud platform. With HITRUST R2 and SOC 2 Type 2 certification, rest assured that patient data is safe, secure, and protected.
Privacy and security are in our roots.
Data privacy and security are fundamental values that drive us forward in our mission to improve outcomes through health data exchange. Data privacy and security are also top priorities in our software development process.
Our resources on data privacy and security.
2023 State of Interoperability Report
Learn how healthcare executives are approaching data privacy and security in light of broader health information exchange mandates.
4 Predictions for 2023: TEFCA Exchange, Patient Privacy, Individual Access, and Digital Health M&A
Hear from our network of interoperability experts on predictions around patient privacy for 2023.
Q&A with Health Gorilla Chief Medical Officer Steven Lane, MD, MPH
Our Chief Medical Officer sat down with Healthcare Innovation to discuss new federal initiatives to enable secure health information sharing, including TEFCA and QHINs.