Security Practices
Security practices define how Health Gorilla safeguards protected health information, enforces authorized access, and monitors API usage for potential threats. They include authentication controls, encryption, role and IP restrictions, transport security, token management, reporting, and regulatory alignment.
Authenticate
Secure access using OAuth 2.0 authentication, protect client secrets, and manage token expiration.
Assign Roles
Control access to APIs and features by assigning appropriate user roles such as Doctor or Staff.
Restrict by IP
Restrict access to APIs based on specific IP address ranges defined at the tenant level.
Transport Security
Enforce HTTPS, validate certificates, and block insecure transport to protect health data in transit and prevent unauthorized access.
Manage Expired Tokens
Manage short-lived token usage, detect expiration, and refresh tokens securely.
Security Reporting
Report security concerns, subscribe to incident alerts, and request a security posture review.
Regulatory Compliance
Review Health Gorilla's alignment with HIPAA, SOC 2, TEFCA, and other applicable healthcare interoperability and data protection standards.
Data Encryption
Understand how clinical and administrative data is encrypted at rest using AES-256 and stored securely within Health Gorilla infrastructure.
Access and Consent
Learn how Health Gorilla enforces patient consent and access restrictions across networks and tenants to comply with HIPAA, TEFCA, and national interoperability frameworks.