Search
K
< Back

Policy Enforcement

The Patient Data Retention Service enforces tenant-defined rules automatically once enabled and does not support a manual pause or override.

Health Gorilla provides built-in mechanisms for monitoring purge activity, validating configurations, and generating audit-ready reports. These tools help you maintain accountability and demonstrate adherence to internal governance and external regulatory frameworks.

Tracking Purge Activity

Health Gorilla logs all purge events triggered by the Patient Data Retention Service. These logs are available upon request to validate retention enforcement or support compliance audits.

  • Logs include timestamps, resource types, and number of records deleted
  • All data removal events are retained in Health Gorilla’s internal audit system
  • Clients can request logs through their Client Success Manager (CSM) or support@healthgorilla.com
  • Audit exports may be scheduled for enterprise clients or compliance reporting
  • When demographic data is deleted, the enterprise Master Patient Index (eMPI) is updated to remove references and unlink identities

Configuring Retention

Retention rules are enforced at the tenant level and must be defined per data category. During onboarding or policy updates, Health Gorilla applies your requested durations and confirms that the configuration is active.

  • Retention periods are set individually for Patient360, clinical data, and demographic data
  • Configuration is completed by Health Gorilla based on your submitted request form
  • Modifications require confirmation via your CSM or Health Gorilla Support
  • Retention rules cannot be disabled once enabled

Reporting and Verification

You can request formal retention reports from Health Gorilla to support audits, lifecycle reviews, or internal governance processes. These reports summarize retention behavior and verify enforcement.

  • Reports include applied retention thresholds, deletion statistics, and summaries by resource type
  • Deletion events are grouped by data category and time period
  • Recurring reports may be provided for enterprise accounts or compliance partners
  • Internal archiving is logged for auditing purposes but archived content is not exposed in client-facing reports

Summary

Health Gorilla provides traceability of data deletion through audit logs, tenant-level configurations, and reporting. These controls enable you to confirm that retention policies are enforced and provide documentation for compliance requirements.