The EHR giant is charging Health Gorilla and others with scheming to sell PHI to lawyers and other shady entities. A battle is brewing over who can access protected patient data in the EHR. Epic has filed a lawsuit alleging that Health Gorilla, a digital health company that has met federal data sharing standards as a Qualified Health Information Network (QHIN) under the Trusted Exchange Framework and Common Agreement (TEFCA), allowed at least two other companies, Mammoth Path Solution and RavillaMed, to “improperly access and monetize nearly 300,000 patient medical records” through the Carequlity platform. Joining the lawsuit are Epic customers UMass Memorial Health, Trinity Health, Reid Health and OCHIN (Oregon Community Health Information Network). It cites violations of both the Federal Computer Fraud and Abuse Act and California’s Business and Professions Code. The lawsuit, filed in January, charges that the defendants used fictitious websites, shell entities and fake NPI (National Provider Identification) numbers to request patient data, which was then marketed to “lawyers looking for potential claimants … to join mass tort or class action lawsuits.” The defendants then inserted “junk data” into those records “to give the false impression that they are treating patients, which risks patient safety and wastes valuable clinician time.” googletag.cmd.push(function() { googletag.display(“dfp-ad-hl_native1”); }); [Also read: TEFCA Gets Ready for its Moment in the Spotlight.] The lawsuit also charged that the companies in question changed their identities after being caught and are still operating. “At stake are both the protection of medical records that contain…
