Health information security and privacy are Health Gorilla's most fundamental values.
Our increased investments in data security, privacy, and governance led to the approval of our application to become one of the first federally regulated Qualified Health Information Networks. With the application approval, we are on track to serve as one of six national nodes for secure nationwide health information exchange.
Top Shelf Data Security
HITRUST
We’re HITRUST R2 certified, which means that we successfully manage cybersecurity risks by exceeding industry-defined information security requirements.
SOC 2 Type 2
SOC 2 Type 2 is a stamp of approval on our controls relevant to data security, availability, processing, integrity, confidentiality, and privacy.
HIPAA
Complying with applicable health data laws, including HIPAA, is ingrained in our culture, processes, and staff training.
We’re committed to protecting patient data.
Our platform contains innovative technologies designed to minimize how much patient data we, or anyone else, can access from our network. We’ve invented powerful security features that help prevent anyone except the patient and their authorized provider from being able to access health information.
Intelligent Identity Resolution
We verify your identity to IAL2 (Identity Assurance Level 2) level standards as specified in NIST Special Publication 800-63A. This is one of the highest forms of personal verification to ensure that nobody other than you can access and control your health data.
Intelligent Identity Resolution
We verify your identity to IAL2 (Identity Assurance Level 2) level standards as specified in NIST Special Publication 800-63A. This is one of the highest forms of personal verification to ensure that nobody other than you can access and control your health data.
Safety Check
Safety Check ensures that clinical documents coming from different sources are always matched to the right patient in our system, minimizing risks to patient safety. Leveraging a proprietary, state-of-the-art Master Patient Index, we’re constantly monitoring the flow of documents to ensure accurate patient matching.
Safety Check
Safety Check ensures that clinical documents coming from different sources are always matched to the right patient in our system, minimizing risks to patient safety. Leveraging a proprietary, state-of-the-art Master Patient Index, we’re constantly monitoring the flow of documents to ensure accurate patient matching.
Access Guard
With Health Gorilla, there are only 2 parties that can access health data - patients and their authorized healthcare provider. We have a robust authentication system to ensure that providers retrieving data from our network are who they say they are.
Access Guard
With Health Gorilla, there are only 2 parties that can access health data - patients and their authorized healthcare provider. We have a robust authentication system to ensure that providers retrieving data from our network are who they say they are.
Secure Sharing
Share health data securely and seamlessly with care staff or other authorized users. Choose which data to share, including medications, vitals, labs, allergies, progress notes, and much more.
Secure Sharing
Share health data securely and seamlessly with care staff or other authorized users. Choose which data to share, including medications, vitals, labs, allergies, progress notes, and much more.
End-to-end Encryption
Health Gorilla keeps personal data protected with end-to-end encryption. Medical records are encrypted in transit and at rest, preventing unwanted third parties from accessing sensitive health data.
End-to-end Encryption
Health Gorilla keeps personal data protected with end-to-end encryption. Medical records are encrypted in transit and at rest, preventing unwanted third parties from accessing sensitive health data.
Tracking Defense
We do not participate in cross-site tracking, and minimize any personal data passed to third parties. We never sell any of health information to anyone, in any shape or form.
Tracking Defense
We do not participate in cross-site tracking, and minimize any personal data passed to third parties. We never sell any of health information to anyone, in any shape or form.
Secure Authentication
With Health Gorilla, your password is never kept on a web server, so you don’t have to worry about password leaks compromising your accounts. Passwords are end-to-end encrypted. Our iOS apps host additional authentication protocols including Touch ID or Face ID.
Secure Authentication
With Health Gorilla, your password is never kept on a web server, so you don’t have to worry about password leaks compromising your accounts. Passwords are end-to-end encrypted. Our iOS apps host additional authentication protocols including Touch ID or Face ID.
Cloud Backup
Any patient health information retrieved through Health Gorilla is backed up on our secure cloud platform. With HITRUST R2 and SOC 2 Type 2 certification, rest assured that patient data is safe, secure, and protected.
Cloud Backup
Any patient health information retrieved through Health Gorilla is backed up on our secure cloud platform. With HITRUST R2 and SOC 2 Type 2 certification, rest assured that patient data is safe, secure, and protected.
Privacy and security are in our roots.
Data privacy and security are fundamental values that drive us forward in our mission to improve outcomes through health data exchange. Data privacy and security are also top priorities in our software development process.
Our resources on data privacy and security.
2023 State of Interoperability Report
Learn how healthcare executives are approaching data privacy and security in light of broader health information exchange mandates.
4 Predictions for 2023: TEFCA Exchange, Patient Privacy, Individual Access, and Digital Health M&A
Hear from our network of interoperability experts on predictions around patient privacy for 2023.
Q&A with Health Gorilla Chief Medical Officer Steven Lane, MD, MPH
Our Chief Medical Officer sat down with Healthcare Innovation to discuss new federal initiatives to enable secure health information sharing, including TEFCA and QHINs.
