Health information security and privacy are Health Gorilla's most fundamental values.

Our increased investments in data security, privacy, and governance led to Health Gorilla's designation as  one of the first Qualified Health Information Networks under the Trusted Exchange Framework and Common Agreement, the federally endorsed framework for national data exchange.

Top Shelf Data Security

HITRUST R2

We’re HITRUST R2 certified, which means that we successfully manage cybersecurity risks by exceeding industry-defined information security requirements.

SOC 2 Type 2

SOC 2 Type 2 is a stamp of approval on our controls relevant to data security, availability, processing, integrity, confidentiality, and privacy.

HIPAA

Complying with applicable health data laws, including HIPAA, is ingrained in our culture, processes, and staff training.

We’re committed to protecting patient data.

Our platform contains innovative technologies designed to minimize how much patient data we, or anyone else, can access from our network. We’ve invented powerful security features that help prevent anyone except the patient and their authorized provider from being able to access health information.

Intelligent Identity Resolution

We verify your identity to IAL2 (Identity Assurance Level 2) level standards as specified in NIST Special Publication 800-63A. This is one of the highest forms of personal verification to ensure that nobody other than you can access and control your health data.

More details

Intelligent Identity Resolution

We verify your identity to IAL2 (Identity Assurance Level 2) level standards as specified in NIST Special Publication 800-63A. This is one of the highest forms of personal verification to ensure that nobody other than you can access and control your health data.

Safety Check

Safety Check ensures that clinical documents coming from different sources are always matched to the right patient in our system, minimizing risks to patient safety. Leveraging a proprietary, state-of-the-art Master Patient Index, we’re constantly monitoring the flow of documents to ensure accurate patient matching. 

More details

Safety Check

Safety Check ensures that clinical documents coming from different sources are always matched to the right patient in our system, minimizing risks to patient safety. Leveraging a proprietary, state-of-the-art Master Patient Index, we’re constantly monitoring the flow of documents to ensure accurate patient matching. 

Access Guard

With Health Gorilla, there are only 2 parties that can access health data – patients and their authorized healthcare provider. We have a robust authentication system to ensure that providers retrieving data from our network are who they say they are.

More details

Access Guard

With Health Gorilla, there are only 2 parties that can access health data – patients and their authorized healthcare provider. We have a robust authentication system to ensure that providers retrieving data from our network are who they say they are.

Secure Sharing

Share health data securely and seamlessly with care staff or other authorized users. Choose which data to share, including medications, vitals, labs, allergies, progress notes, and much more.

More details

Secure Sharing

Share health data securely and seamlessly with care staff or other authorized users. Choose which data to share, including medications, vitals, labs, allergies, progress notes, and much more.

End-to-end Encryption

Health Gorilla keeps personal data protected with end-to-end encryption. Medical records are encrypted in transit and at rest, preventing unwanted third parties from accessing sensitive health data.

More details

End-to-end Encryption

Dec 18, 202Dec 18, 202Dec 18, 202

Tracking Defense

We do not participate in cross-site tracking, and minimize any personal data passed to third parties. We never sell any health information to anyone, in any shape or form.

More details

Tracking Defense

We do not participate in cross-site tracking, and minimize any personal data passed to third parties. We never sell any health information to anyone, in any shape or form.

Secure Authentication

With Health Gorilla, your password is never kept on a web server, so you don’t have to worry about password leaks compromising your accounts. Passwords are end-to-end encrypted, and we protect user accounts through AAL2 compliant authentication standards, including Multi Factor Authentication.

More details

Secure Authentication

With Health Gorilla, your password is never kept on a web server, so you don’t have to worry about password leaks compromising your accounts. Passwords are end-to-end encrypted, and we protect user accounts through AAL2 compliant authentication standards, including Multi Factor Authentication.

Cloud Backup

Any patient health information retrieved through Health Gorilla is backed up on our secure cloud platform. With HITRUST R2 and SOC 2 Type 2 certification, rest assured that patient data is safe, secure, and protected.

More details

Cloud Backup

Any patient health information retrieved through Health Gorilla is backed up on our secure cloud platform. With HITRUST R2 and SOC 2 Type 2 certification, rest assured that patient data is safe, secure, and protected.

Privacy and security are in our roots.

Data privacy and security are fundamental values that drive us forward in our mission to improve outcomes through health data exchange. Data privacy and security are also top priorities in our software development process.