EHR large Epic, along with a handful of healthcare suppliers, has filed a federal lawsuit aimed toward stopping what it calls a scheme to use and monetize affected person medical information with out consent.
The grievance, filed January 13, claimed that sure corporations improperly accessed delicate well being info after which offered or marketed that knowledge for revenue, relatively than utilizing it for reputable medical care.
The plaintiffs are Epic, Trinity Well being, UMass Memorial Well being, Reid Well being and OCHIN. They alleged that well being knowledge community Well being Gorilla enabled different corporations to inappropriately entry and monetize almost 300,000 affected person medical information.
The grievance mentioned that Well being Gorilla and a community of different corporations arrange fictitious healthcare suppliers, shell web sites and pretend supplier IDs to make it appear to be information requests have been for actual therapy functions. As an alternative, the info was allegedly diverted for non-treatment makes use of — resembling advertising to attorneys in search of potential claimants for lawsuits.
The lawsuit additionally claimed that the defendants inserted “junk” info into information to cover their exercise and provides the looks of real care, which in flip risked affected person security and wasted clinician time.
When one fraudulent entity was uncovered, the identical actors allegedly created new corporations to proceed the identical conduct, working “like a Hydra,” based on the grievance.
The lawsuit alleged violations of HIPAA, in addition to different federal and state privateness protections. It additionally framed the scheme as threatening each affected person privateness and the integrity of interoperable well being knowledge sharing methods.
“At stake are each the safety of affected person information that include a few of an individual’s most delicate knowledge, resembling genetic, psychological wellbeing, and reproductive info, and the flexibility of physicians to maintain their guarantees to sufferers that their info can be stored non-public,” the grievance learn.
The plaintiffs argued that this sort of misuse undermines belief in nationwide interoperability frameworks by turning methods designed for care coordination into autos for knowledge harvesting.
The plaintiffs are in search of injunctive reduction to right away put an finish to the alleged misconduct.
Well being Gorilla didn’t instantly reply to MedCity Information’ request for remark.
Photograph: deepblue4you, Getty Pictures
