Assign Roles
Health Gorilla enforces access controls through role-based permissions assigned at the user level. Each user account is granted a role such as Doctor, Nurse, or Staff, which determines the API actions and features available to that user. Role assignment is managed during onboarding and can be updated by request.
Roles align with HIPAA-defined job functions and support least-privilege access for sensitive operations like ordering, messaging, and record retrieval.
Common Roles and Capabilities
| Role | Description | Example Permissions |
|---|---|---|
| Doctor | Licensed provider with full clinical access | Query patient data, submit orders |
| Nurse | Clinical staff with partial access | View patient data, assist in care |
| Staff | Non-clinical personnel with limited access | Verify demographics, submit referrals |
| Support | Technical or admin users with restricted capabilities | Monitor API activity, troubleshoot |
To assign or update user roles
- Submit a request to Health Gorilla Support identifying the user and desired role.
- Confirm that the role aligns with the user’s job function and permitted use case.
- Health Gorilla will validate and apply the role change.
Role-based access must align with your organization’s security policy and data use agreement. Unauthorized role escalation may result in access revocation.