Data Categories and Recommended Retention

Note: The retention period for Patient360 data must be less than or equal to the period defined for clinical data.

Considerations by Data Type

• Patient360 Data: Includes all records retrieved via the $p360-retrieve operation, such as Encounter, Observation, Condition, and DocumentReference resources. Retention applies only to externally sourced records that are matched to a registered patient.
• Clinical Data: Includes data generated or stored within the solution, such as lab results, medications, allergies, and uploaded documents tied to clinical workflows. Uploaded documents tied to Patient360-sourced data are excluded from deletion. Uploaded documents tied to clinical or demographic records may be deleted if included in your retention configuration.
• Demographic Data: Includes Patient, RelatedPerson, and associated identifiers. Deleting these records updates the eMPI to remove references and unlink identities.

Enforcement Details

• No records are deleted unless a retention rule is defined for the corresponding data type.
• The service runs daily and evaluates each record’s age relative to its retention threshold.
• Archiving occurs automatically before deletionp it is always enabled and cannot be turned off. Archived copies support audit traceability, legal discovery, and compliance reviews but are not accessible to clients and cannot be restored.
• Retention rules are configured at the tenant level and reviewed by Health Gorilla before enforcement.

Summary

Retention rules vary by data type and must reflect your organizational policies and compliance requirements. Define thresholds carefully to balance storage usage, record availability, and identity continuity. Records that exceed defined retention periods are archived and permanently deleted through the automated daily workflow.