Retention and Access
Health Gorilla retains audit logs and API request records in accordance with HIPAA and SOC 2 guidelines. Log data is preserved to support compliance reviews, breach investigations, and internal audit requirements.
Retention Policies
- Standard retention: Audit logs are retained for a minimum of six years, in line with HIPAA requirements.
- Access logs: API request metadata, including timestamp, method, endpoint, and status code, is retained for internal monitoring and, if needed, for client access.
- System events: Administrative actions, login attempts, and configuration changes are recorded and retained alongside API activity logs.
Access Control
Audit log access is limited to authorized personnel. Health Gorilla restricts access based on role and tenant scope and may require confirmation from your designated Client Success Manager (CSM) or security officer before releasing log data.
To request access to audit logs
- Identify the timeframe and environment (sandbox or production).
- Specify the type of activity or endpoint involved.
- Provide identifying information such as the tenant name, user, or patient ID if applicable.
- Submit the request to Health Gorilla Support at support@healthgorilla.com or through the Help Center. The Client Support Team will respond with the requested logs.
Logs are typically provided as encrypted CSV or JSON files and include only data relevant to your tenant.
Health Gorilla may limit the scope or frequency of log requests based on internal policies or contract terms.