Access and Consent

Health Gorilla enforces patient access and consent requirements in accordance with HIPAA, TEFCA, and national network policies. These controls ensure that clinical data is only shared with authorized requestors under valid treatment or operations use cases.

National Network Enforcement

Health Gorilla participates in networks such as Carequality, CommonWell, and TEFCA. Each network enforces its own policies for access control, including:

  • Permitted Purpose: All queries must be associated with a permitted purpose of use, such as treatment or healthcare operations.
  • Provider Attestation: In many cases, a provider must attest to having a treatment relationship with the patient.
  • Participant Credentials: Network exchanges are restricted to participants with verified credentials and approved endpoints.

Tenant-Level Access Controls

Within your tenant, access to patient records is governed by:

  • User Roles: Each user is assigned a role (e.g., Doctor, Staff, Admin) that defines access rights within the system.
  • Group Membership: Users may be restricted to viewing records associated with specific facilities or organizational groups.
  • Consent Flags: Patient records may include consent directives or sharing preferences that must be honored.

Record Sharing Scenarios

Some examples of access enforcement include:

  • A doctor querying for a patient must have an active treatment relationship recorded in the system.
  • A population-level export must use an approved operations use case and be aligned with payer attribution.
  • If a patient has opted out of network sharing, the query will return no results or generate an error response.

FHIR Support

The FHIR API supports consent-aware access using:

  • Consent resources to record directives when available
  • Security labels in meta.security to reflect access policies
  • OAuth scopes that restrict available operations by user and context

Access and consent rules are enforced during every query and may block data retrieval if requirements are not met. If access is denied, the API returns an OperationOutcome explaining the reason for the failure.
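The client-side handling this implies, as an added example (not Health Gorilla code): it separates a denial reported in an OperationOutcome from an empty result, and hides resources whose meta.security confidentiality label falls outside a local allow-list. The sample payloads are constructed from standard FHIR R4 shapes, and the function names and the ALLOWED_CONF policy are assumptions for illustration.

```python
import json

# Constructed sample payloads (standard FHIR R4 shapes, not captured API output).
DENIED = json.loads("""{"resourceType": "OperationOutcome", "issue": [
  {"severity": "error", "code": "forbidden",
   "details": {"text": "Purpose of use not permitted"}}]}""")
EMPTY = json.loads('{"resourceType": "Bundle", "type": "searchset", "total": 0}')
RESULTS = json.loads("""{"resourceType": "Bundle", "type": "searchset", "entry": [
  {"resource": {"resourceType": "Observation", "id": "obs-1",
    "meta": {"security": [{"system":
      "http://terminology.hl7.org/CodeSystem/v3-Confidentiality", "code": "R"}]}}},
  {"resource": {"resourceType": "Observation", "id": "obs-2"}}]}""")

CONF = "http://terminology.hl7.org/CodeSystem/v3-Confidentiality"
# Assumption: local policy lets this caller display only these confidentiality codes.
ALLOWED_CONF = {"U", "L", "M", "N"}


def denial_reasons(body):
    """Return 'code: text' for each error/fatal issue in an OperationOutcome, else []."""
    if body.get("resourceType") != "OperationOutcome":
        return []
    return [
        f'{i.get("code", "unknown")}: '
        f'{i.get("details", {}).get("text") or i.get("diagnostics") or "no detail"}'
        for i in body.get("issue", [])
        if i.get("severity") in ("error", "fatal")
    ]


def displayable(resource):
    """Hide a resource if any confidentiality label is outside ALLOWED_CONF.
    Unlabelled resources pass; unknown or missing codes on a label do not."""
    labels = resource.get("meta", {}).get("security", [])
    codes = {c.get("code") for c in labels if c.get("system") == CONF}
    return codes <= ALLOWED_CONF


def handle(body):
    """Classify a query response as denied, empty, or ok (ids that may be shown)."""
    reasons = denial_reasons(body)
    if reasons:
        return ("denied", reasons)
    entries = [e["resource"] for e in body.get("entry", []) if "resource" in e]
    if not entries:
        # An empty result can reflect an opt-out as well as no match, so callers
        # should not present it as "patient has no history".
        return ("empty", [])
    return ("ok", [r["id"] for r in entries if displayable(r)])
```

Log the denial reasons for audit rather than showing them verbatim to end users, since they can reveal policy details.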