Epic announced on Tuesday that it and a group of health care providers have taken legal action to safeguard patient privacy and medical information.
According to a statement and the lawsuit, Health Gorilla, a health information network, enabled Mammoth, RavillaMed and other companies to improperly access and monetize nearly 300,000 patient medical records from members of the Epic community.
OCHIN, Reid Health, Trinity Health, UMass Memorial Health and Epic have filed a lawsuit to stop the alleged conduct. The filing cites misconduct including that the defendants:
-
“Operate as organized syndicates to monetize patient records without patients’ knowledge or consent;”
Advertisement -
“Request patient records for the purpose of treating patients but take patient records for other purposes including to market them to lawyers looking for potential claimants … to join mass tort or class action lawsuits;”
-
“Obscure their true purpose through fictitious websites, shell entities, and sham National Provider Identification (NPI) numbers … to create an illusion of legitimate patient treatment activity;” and
-
Cover their tracks by inserting junk data into patient medical records “to give the false impression that they are treating patients, which risks patient safety and wastes valuable clinician time.”
The lawsuit, filed Tuesday in Los Angeles federal court states that, “when caught, rather than stopping their activity, the bad entity owners, operators and those in their inner circles simply create new companies. The scheme thus operates like a Hydra: when one fraudulent entity is exposed, the bad actors birth a new one” and “if not stopped, they will continue to inappropriately market the patient data they have already taken and will take more.
“At stake are both the protection of medical records that contain some of a person’s most sensitive data, such as genetic, mental wellbeing and reproductive information and the ability of physicians to keep their promises to patients that their information will be kept private.”
