Health Gorilla IAS (Patient Access) Privacy Notice

Last Updated: August 30, 2024

Health Insurance Portability and Accountability Act (HIPAA) Compliance

Health Gorilla follows HIPAA rules but is not a Covered Entity. We are a business associate of Covered Entities.

How We Use Your Data Internally

Primary Service: Our service helps you find and get your medical records from our national networks and affiliates.

We collect and use your identifiable data¹ to:

  • Provide the main service.
  • Support company operations (like quality control or fraud detection).
  • Develop and improve new and current products and services (like analytics).

How We Share Your Data Externally

We share your identifiable data¹ to:

  • Provide the main service by getting your medical records from our networks.
  • Support company operations (like quality control or fraud detection).
  • Develop and improve new and current products and services (like analytics).

How We Store Your Data

We store your data using a cloud services provider³.

When We Encrypt² Your Data

We encrypt your data in the system.

  • We encrypt your data within our system:
    • Yes, automatically.
  • We encrypt your data when stored:
    • Yes, automatically.
  • We encrypt your data while it is transmitted:
    • Yes, automatically.

How This Technology Accesses Other Data

The service may ask for access to other device data or applications, such as your phone’s camera, photos, or contacts:

  • Yes, only with your permission.
    • It connects to an identification/authentication application.
  • Camera, for biometric validation of your identity.

What You Can Do with the Data We Collect

The service allows you to access, edit, share, or delete the data we have about you:

  • Yes, you can access your data.
  • Export your data to share it from an XML file.
  • Delete your data through a manual request process as permitted by regulations.

What Happens to Your Data When Your Account Is Deactivated

When your account is deactivated or terminated by you or the company, your data as held by us is:

  • Retained and used until you request deletion through the manual request process described above. However, note that deletion may be delayed depending on the legal obligations of your healthcare provider.

How We Will Notify You If Our Privacy Policy Changes

Any policy changes that are applicable to IAS/Patient Access will be posted, and consumers can find such changes on our website at https://www.healthgorilla.com/home/policies/patient-access-privacy-notice.

How We Will Notify You and Protect Your Data in Case of an Improper Disclosure

Health Gorilla follows appropriate regulations relating to data breaches. Under HIPAA, Health Gorilla is a Business Associate, not a Covered Entity. We will follow our obligations as a Business Associate under HIPAA regarding your breach notification.

How to Contact Us - Patient Access Users

Definitions:

¹ “Identifiable data” means: data, such as your name, phone number, email, address, health services, information on your physical or mental health conditions, or your social security number, that can be used on its own or with other information to identify you.

² “Encryption” means: a method of converting an original message of regular text into encoded text in such a way that only authorized parties can read it.

³ “Cloud computing” means: a kind of Internet-based computing that provides shared processing resources and data to computers and other devices on demand.

⁴ “Deactivation” means: an individual takes action or a company ceases operation or deactivates an individual’s account due to inactivity.

⁵ “Breach” means: an unauthorized disclosure of the acquisition, access, use, or disclosure of protected health information in a manner not permitted under subpart E of the HIPAA Privacy Rule which compromises the security or privacy of the protected health information.