2025 Q3 Release Notes
Health Gorilla releases in July, August, and September 2025 are listed below in reverse chronological order.
Quarter Summary
| Date | Version | Highlights |
|---|---|---|
| Sep 30 | 2540 | IAS provider search · SMART on FHIR launch · Medication retrieval fix |
| Sep 16 | 2538 | Patient360 source field · Federated audit entries · IAS purpose-of-use filter |
| Sep 2 | 2536 | Last Retrieved timestamp · Address normalization · Radiology categorization · MFA reliability |
| Aug 19 | 2534 | Vital signs linked to encounters · IAS compliance checks · Admin MFA reset · QHIN endpoint discovery |
| Aug 5 | 2532 | Embedded PDF viewer · Admin pagination fix · Report field restoration |
| Jul 22 | 2530 | ITI-41 shareback support · Carequality delegation updates · Procedure category filtering |
| Jul 8 | 2528 | Result assignment enhancements · Federated data retention · MFA improvements |
September 30, 2025 (v 2540)
Individual Access Service (IAS)
- IAS Provider Search: A new endpoint in
FacilityPatientResourceProviderallows you to search for and locate providers that offer IAS services through SMART on FHIR. - SMART on FHIR Launch Flow: A standalone SMART on FHIR launch flow now allows users to log in to the sandbox and obtain access and refresh tokens from supported Patient Access servers.
Resolutions
- Medication Retrieval: Resolved a 400 Bad Request error that occurred when retrieving a list of medications.
- Patient Chart Document Download: Corrected an issue that prevented attached documents from downloading in the new Patient Chart.
September 16, 2025 (v 2538)
Patient360
Event Source Field: Added the p360Source field to the Events endpoint response to identify the origin of Patient360 events (Carequality, CommonWell, eHealth Exchange, or TEFCA).
Clinical Alerts
Federated Audit Entries: Audit transactions for eHealth Exchange (eHEX) and QHIN queries are now split into separate entries for each federated request, with links preserved to the original incoming query. This applies to both ITI-38 (query) and ITI-39 (document retrieval) transactions.
Individual Access Service (IAS)
Purpose-of-Use Filtering: Initiating Gateways now query only Responding Gateways configured with an IAS Purpose of Use REQUEST in the Carequality directory.
Resolutions
- FHIR $everything Queries: Corrected an issue where
$everythingqueries with date filters inadvertently excludedDiagnosticReportresources. - C-CDA Upload: Fixed a Consolidated Clinical Document Architecture (C-CDA) upload error caused by a misaligned servlet.
- Diagnosis Sorting: Resolved a request error that occurred when sorting diagnoses by Risk Adjustment Factor (RAF).
- Document Filenames: Resolved an issue that allowed document filenames to be generated with duplicate
.xmlstrings.
September 2, 2025 (v 2536)
Patient360
Last Retrieved Field Update: The Last Retrieved field now records both the date and time instead of the date only.
Patient Chart Viewer
- Normalized Addresses: Demographics now display normalized addresses when available, falling back to original values if normalization is not present.
- Source Document Type: Links to source documents now display the document type along with existing metadata.
- Sorting Improvements: Table columns can now be sorted in ascending or descending order on key pages such as Medications, Allergies, Immunizations, and Procedures.
Clinical Parsing: Radiology Categorization
Radiology results are now classified using Apelon-managed categorization mapping instead of static CPT code ranges. The mapping supports multiple coding systems, is cached in memory for one day, and can be updated as needed.
Multi-Factor Authentication (MFA) Enhancements
Stronger MFA security is now enforced by disabling alternate login options after a failed attempt. Usability is improved with clearer error messages and accurate failed-login metrics in the Risk Assessment area.
Resolutions
- Procedure and Equipment Payload: Removed the requirement to include the
idfield inPATCHrequest bodies for procedure and equipment updates, since the resource ID is already specified in the request URL.
August 19, 2025 (v 2534)
Patient360
Vital sign observations parsed from C-CDA documents are now linked to their associated Encounter when appropriate.
Carequality IAS: Patient Access Requests
Carequality IAS workflows for patient access now require an ID token and a declared purpose of use. These fields are validated to ensure compliance with Carequality’s Individual Access Services (IAS) policies.
Enterprise and Practice Portals: Admin MFA Reset
Tenant administrators can now reset Multi-Factor Authentication (MFA) for users from a new Multi-Factor Authentication (MFA) section in Settings, with two options:
- Account Recovery triggers an MFA reset so the user can re-enroll at their next login.
- Risk Assessment opens a modal with security details, including the number of failed password attempts since the last successful login.
These actions are role-restricted, fully audited, and respect MFA configuration rules. When tenant-wide MFA is off but an individual user has MFA enabled, actions are available only for that user.
Enterprise Portal: Locations API
The Company Account section now supports APIs for viewing and managing company locations.
QHIN: SMART-on-FHIR Endpoint Discovery (T-IAS)
A new API endpoint lets you pass a patientId and query the QHIN network directory for SMART-on-FHIR endpoints associated with that patient. The request uses the T-IAS (Treatment with Identity Assurance) purpose of use and ITI-38 to confirm data availability. Returned endpoints include SMART launch URLs and compatibility flags.
Resolutions
- CDA Import: Stopped
PrepareInteractionPreviewsEventfrom firing for C-CDA imports without PDF attachments. - Network Query Compliance: Ensured denylisted endpoints are excluded from Carequality and QHIN network queries.
- Cursor Pagination Limits: Enforced documented
_countparameter limits for cursor pagination. - Patient360 Queries: Limited location-based radius calculations to relevant tenant locations, reducing excess queries.
- C-CDA Export: Restored the “Diagnoses” segment in C-CDA exports and added Spanish translation for success messages.
- FHIR
$everything: Prevented invalid date ranges in $everything requests with descriptive error messages. - Family History: Corrected missing family history items in API responses.
- Immunization Records: Allowed creation of distinct immunization records with different vaccineId values.
includeMedicalHistoryParameter: UpdatedincludeMedicalHistoryto correctly return diagnoses when set to true.
August 5, 2025 (v 2532)
Patient Chart Viewer
The embedded PDF viewer is now enabled by default for documents and results. Fax documents are excluded to preserve per-page editing workflows.
Resolutions
- Admin Portal Pagination: Fixed a pagination issue that limited result sets to 10 items by default, even when more results were available.
- Reports: Restored the Visit ID field in Order and Result reports in both Practice and Enterprise Settings.
July 22, 2025 (v 2530)
Document Exchange: ITI-41 Shareback
Health Gorilla now supports inbound ITI-41 (Provide and Register Document Set-b) transactions. This allows external systems to contribute documents into the platform, improving interoperability and allowing providers to contribute records from outside networks.
Carequality: Delegation of Authority
Health Gorilla added support for delegated access across Carequality request and response flows. Delegated transactions now include standardized SAML attributes to reflect the authorized Principal, with enforcement based on Carequality’s Delegation of Authority policy.
Patient Chart Viewer
Procedures are now grouped into configurable categories during ingestion. A new filter allows clients to retrieve procedures by category, with tenant-level configuration available via metadata and user profile endpoints.
Resolutions
- Diagnostic Report Timestamps: Corrected timestamp formatting in diagnostic reports to use the standard Z UTC suffix instead of
+00:00.
July 8, 2025 (v 2528)
Result Assignment Workflows: Expanded Capabilities
The result assignment interface now helps Independent Physician Association (IPA) administrators review and reprocess unassigned diagnostic results.
Patient360
The retention process now includes data retrieved from federated networks. Cleanup filters were extended to apply consistently across both direct and federated data.
Patient Chart Viewer
Procedure filtering is now supported in the Patient Chart APIs. Category codes can be managed through metadata endpoints and tenant-level settings.
Authentication
Secondary MFA Method Selection: If you use both SMS and Authenticator App MFA methods, you can now select your preferred method after logging in. However, multiple failed logins restricts your ability to switch between methods and blocks log in after three failures.
Lab Network
The placeOrder payload now accepts a patient field with a known Health Gorilla ID, eliminating the need to submit full patient demographics.
Enterprise Portal
Reporting features in the Enterprise Portal dashboard are currently marked as under maintenance until further notice.
Resolutions
- Encounter Search: Resolved a bad request error caused by invalid state values in encounter searches.
- External ID Field Mapping: Fixed an issue where external patient identifiers were saved to the wrong field during roster updates.
- Clinician Subscriptions: Resolved an issue that prevented updates to clinician subscriptions.
- Patient360 Metadata Counts: Reinstated missing metadata tallies and improved layout on the Patient360 Requests page.
- MasterPatient Unlink: Updated the batch unlink logic to correctly handle patients with only a single MasterPatient link.
- MFA Option Visibility: Corrected a logic issue that prevented the display of SMS or Authenticator App options based on configuration.
- MFA Retry Flow: Corrected the retry behavior that occurs after multiple MFA login failures, including logic for switching between MFA methods.