Epic, Providers File Lawsuit Against Companies Allegedly Profiting from Confidential Patient Records

The lawsuit accuses Health Gorilla and associated firms of operating organized schemes to monetize patient data through deceptive practices
Jan. 13, 2026

Key Highlights

  • The lawsuit alleges that companies exploited patient records for profit without patient consent, using deceptive tactics to hide their activities.
  • Defendants are accused of creating shell entities and faking treatment activity to obscure their true purpose and avoid detection.
  • The scheme is described as a Hydra-like operation, with new entities emerging when others are exposed, perpetuating data misuse.
  • Health Gorilla responded by denying the allegations, criticizing Epic's actions as exclusionary and monopolistic.
  • The case underscores ongoing industry debates over data privacy, competition, and the ethical use of healthcare information.

On Tuesday, January 13, Epic and a group of healthcare providers—OCHIN, Reid Health, Trinity Health, and UMass Memorial Health—announced that they have filed a lawsuit against companies allegedly exploiting confidential patient records for profit. 

According to a news release, the lawsuit claims that Health Gorilla, a health information network, allowed Mammoth, RavillaMed, and other companies to improperly access and profit from nearly 300,000 patient medical records belonging to members of the Epic community. This is in addition to an unspecified number of records taken from organizations nationwide, including the VA and providers using other EHRs.

The filing cites misconduct, including that the defendants:

  • “Operate as organized syndicates to monetize patient records without patients’ knowledge or consent.”
  • “Request patient records for the purpose of treating patients, but take patient records for other purposes, including to market them to lawyers looking for potential claimants … to join mass tort or class action lawsuits.”
  • “Obscure their true purpose through fictitious websites, shell entities, and sham National Provider Identification (NPI) numbers … to create an illusion of legitimate patient treatment activity.”
  • Cover their tracks by inserting junk data into patient medical records “to give the false impression that they are treating patients, which risks patient safety and wastes valuable clinician time.”

Furthermore, the lawsuit continues, “when caught, rather than stopping their activity, the bad entity owners, operators, and those in their inner circles simply create new companies. The scheme thus operates like a Hydra: when one fraudulent entity is exposed, the bad actors birth a new one, and if not stopped, they will continue to inappropriately market the patient data they have already taken and will take more.”

Health Gorilla posted a response to the Epic lawsuit on its website: “We vehemently deny the allegations against Health Gorilla by Epic. This is yet another example of Epic’s exclusionary actions that limit competition and restrict access to healthcare data. These actions reflect broader, ongoing concerns raised by others in the industry and by government actors about monopolistic practices in health information exchange by Epic. Health Gorilla supports efforts to promote competition, patient choice, and fair access to healthcare data.”

About the Author

Pietje Kobus

Pietje Kobus has an international background and experience in content management and editing. She studied journalism in the Netherlands and Communications and Creative Nonfiction in the U.S. Pietje joined Healthcare Innovation in January 2024.
