Retention Policies

Each tenant is configured with default retention rules that determine how long data remains accessible:

• Clinical data such as FHIR resources and documents is retained for a fixed duration (e.g., 90 or 180 days)
• Webhook notifications and delivery logs have shorter retention windows
• Audit logs and access records follow extended retention periods for compliance

Retention settings are configured per tenant and apply across all environments unless overridden.

Purge Workflows

When data reaches the end of its retention period, it is automatically purged from the system.

• Purge operations are scheduled and executed by Health Gorilla
• Deleted data is no longer available for retrieval through the FHIR API
• Metadata such as tags and document references may also be removed
• Purged data cannot be restored, and archived copies are retained internally for auditing purposes only

Clients should maintain local persistence if long-term storage is required beyond the retention window.

Considerations for Integration

To align with retention policies:

• Do not treat Health Gorilla as a permanent system of record
• Ingest and persist critical clinical data in your system after retrieval
• Monitor delivery timestamps and purge timelines to avoid missing expiring data
• Use webhook event timestamps and response metadata (meta.lastUpdated) to track record aging

Summary

Health Gorilla applies tenant-specific retention rules that govern how long data remains accessible. To support data continuity and compliance, retrieve and store necessary records locally before automatic purging occurs.