Governance

Health Gorilla operates as a designated QHIN under a governance framework that defines how participants connect, exchange, and remain compliant across nationwide interoperability networks. This framework ensures that all organizations follow consistent policies, uphold reciprocity expectations, and maintain the trust required for secure, large-scale clinical data exchange.

Why Governance Matters

Governance establishes the rules, policies, and oversight mechanisms that support nationwide interoperability. It clarifies how organizations connect, exchange data, and meet federal and framework-specific requirements. Strong governance protects patient privacy, enforces reciprocal participation, and ensures all participants benefit from broad access to clinical information.

By following Health Gorilla’s governance model, participants can:

  • Use Patient360, Clinical Alerts, Lab Network, and other services in alignment with TEFCA and national requirements
  • Access external records through Carequality, CommonWell, eHealth Exchange, and TEFCA QHINs
  • Demonstrate compliance with HIPAA, CMS interoperability rules, and federal participation agreements

Participation Requirements

To participate in Health Gorilla’s exchange ecosystem, organizations must meet baseline expectations that support trusted and reciprocal exchange.

  • Execute a participation agreement with Health Gorilla and applicable frameworks
  • Ensure all queries are made for a permitted purpose of use, typically treatment
  • Maintain compliance with HIPAA, TEFCA, and related regulatory standards
  • Share back clinically meaningful data, such as encounter summaries, lab results, immunizations, or other supported resource types

For operational details on how data is validated, normalized, and exchanged, go to Data Sharing.

Reciprocity and Shareback

Nationwide exchange is built on a reciprocal model in which organizations that retrieve external records are also responsible for contributing clinically meaningful data back into the network. Health Gorilla processes contributed data through the same validation, normalization, and provenance-tagging pipeline used for record retrieval. After processing, the data is routed through the appropriate trust framework—such as Carequality, CommonWell, eHealth Exchange, or TEFCA QHINs—to ensure consistent, transparent exchange across all participants.

For technical details on how contributed records are validated and exchanged, go to Data Reciprocity.

Responder-Only Participation

Some organizations participate as responder-only contributors, allowing their data to be queried by others without initiating outbound retrievals. This model is supported through the Health Gorilla data repository or federated access, depending on implementation needs.

Oversight and Compliance

Health Gorilla monitors participation and enforces compliance through audits, reporting, and corrective action.

  • All exchange activity is logged and auditable
  • Compliance status is reviewed regularly, with remediation processes for nonconformance
  • Serious violations may result in suspension or termination of participation
  • Compliance reports are submitted to the Recognized Coordinating Entity (RCE) and federal oversight bodies as required