"Earlier this month, Epic, together with a handful of healthcare providers, filed a federal lawsuit against health data network Health Gorilla aimed at stopping an alleged scheme to exploit and monetize patient medical records without consent. Ultimately, the dispute reflects unresolved ambiguities in how data interoperability should be governed across the healthcare industry. Experts think the lawsuit is less about stopping one bad actor - and more about the need to define standardized rules and boundaries around healthcare data exchange."
"The plaintiffs are Epic, Trinity Health, UMass Memorial Health, Reid Health and OCHIN. They allege that Health Gorilla and a network of other companies set up fictitious healthcare providers, shell websites and fake provider IDs to make it look like records requests were for real treatment purposes. Instead, the data was allegedly diverted for non-treatment uses - such as marketing to lawyers seeking potential claimants for lawsuits."
"The complaint also stated that the defendants inserted "junk" information into records to hide their activity and give the appearance of genuine care, which in turn risked patient safety and wasted clinician time. When one fraudulent entity was exposed, the same actors allegedly created new companies to continue the same conduct, operating "like a Hydra," according to the lawsuit. The lawsuit alleges violations of HIPAA, as well as other federal and state privacy protections."
Epic, Trinity Health, UMass Memorial Health, Reid Health and OCHIN filed a federal complaint alleging Health Gorilla enabled other companies to inappropriately access and monetize nearly 300,000 patient medical records. The complaint alleges a network of telehealth, data and shell companies used fictitious providers, shell websites and fake provider IDs to obtain records for non-treatment uses, including marketing to lawyers. Defendants allegedly inserted "junk" data to disguise activity, risking patient safety and wasting clinician time. Health Gorilla has denied the allegations. The suit cites HIPAA and other federal and state privacy protections and underscores ambiguities in governing health data interoperability.
Read at MedCity News
Unable to calculate read time
Collection
[
|
...
]