Health Gorilla IAS (Patient Access) Privacy Notice

Last Updated: March 20, 2023

Health Gorilla IAS (Patient Access) Privacy Notice

HIPAA 

This Health Gorilla is a HIPAA-covered entity?

  • No

Use: How we use your data internally  due 

Primary Service: Our app or technology is used primarily to allow you to query and obtain your medical records through our national network. 

We collect and use your identifiable data1 to:  

  • Provide the primary service of the app or technology  
  • Support company operations (e.g., quality control or fraud detection) 
  • Develop and improve new and current products and services (e.g., analytics4

Share: How we share your data externally with other companies or entities  

We share your identifiable data1 to:  

  • Provide the primary service of the app or technology in querying your medical records from participants in our national network.
  • Support company operations (e.g., quality control or fraud detection) 
  • Develop and improve new and current products and services (e.g., analytics4)

Store: How we store your data  

We store your data through an outside cloud computing services provider.

Encryption2: How we encrypt your data  

We encrypt your data in the system.

  • Yes, automatically

We encrypt your data when stored on our company servers or with an outside cloud computing3 services provider.

  • Yes, automatically 

We encrypt your data while it is transmitted 

  • Yes, automatically  

Privacy: How this technology accesses other data  

The technology or app requests access to other device data or applications, such as your phone’s camera, photos, or contacts   

  • Yes, only with your permission. It connects to an identification /authentication application.
  • Camera 

User Options: What you can do with the data that we collect  

The technology or app allows you to access, edit, share, or delete the data we have about you 

  • Yes, you can access your data.
  • Export your data to share it from the XML file
  • Delete your data through a manual request process.

Deactivation4: What happens to your data when your account is deactivated  

When your account is deactivated/terminated by you or the company, your data is…  

  • Retained and used until you request deletion 

Policy Changes: How we will notify you if our privacy policy changes 

Any policy changes that are applicable to Individual Access Services in Patient Access will be posted and consumers can find such changes on our website here.

Breach5: How we will notify you and protect your data in case of an improper disclosure 

Health Gorilla complies with all applicable laws regarding breaches. Under HIPAA, Health Gorilla is a business associate, not a covered entity. We will comply with the terms and conditions of the applicable business associate agreement regarding your breach notification.

How to Contact Us - Patient Access Users

Health Gorilla, Inc.

Email: support@healthgorilla.com

Phone: 1-844-446-7455

1“Identifiable data” means: data, such as your name, phone number, email, address, health services, information on your physical or mental health conditions, or your social security number, that can be used on its own or with other information to identify you.  

2” Encryption” means: a method of converting an original message of regular text into encoded text in such a way that only authorized parties can read it.  

3“Cloud computing” means: a kind of Internet-based computing that provides shared processing resources and data to computers and other devices on demand.  

4“Deactivation” means: an individual takes action or a company ceases operation or deactivates an individual’s account due to inactivity.  

5“Breach” means: an unauthorized disclosure of the acquisition, access, use, or disclosure of protected health information in a manner not permitted under subpart E of the HIPAA Privacy Rule which compromises the security or privacy of the protected health information.