| Epic last week scored a win in a lawsuit that revolves around who has a right to patient health data. On Friday, the electronic health record giant managed to get defendant GuardDog Telehealth to admit to handing patient data over to law firms, despite GuardDog saying it needed the records for treatment. GuardDog agreed to a permanent ban from certain health information exchange networks. |
| The case, which Epic and a few other plaintiffs filed in January, concerns data exchange networks like Carequality and TEFCA. Those networks allow health systems and clinicians to share patient data back and forth so they can provide better care. The networks set rules that all participants agree to so the data are kept private and secure. |
| Doctors and others need access to data so they get a full picture of a person’s health, and those rules cut friction around sharing the information. But a health system isn’t going to want to hand over data if it can’t trust other users. |
| Epic accused GuardDog, Health Gorilla, and a few other organizations of breaking those rules. Epic claimed they’re accessing or enabling access to patient records for the stated purpose of treating patients — but using the data for other reasons, including providing it to lawyers looking for potential claimants for class action lawsuits. |
| Health Gorilla, which helps companies like GuardDog get onto exchange networks, has said that Epic’s allegations are unfounded and misleading. Last month it asked the court to throw out the lawsuit, arguing that Epic’s complaint is part of its strategy to attack interoperability and control access to patient information. |
| But the stipulated agreement between Epic and GuardDog throws some cold water on Health Gorilla’s position. In the agreement, which the court must approve, GuardDog admits that its business model was summarizing medical records and providing them to law firms. GuardDog also said it "understood and believed" that Health Gorilla knew what GuardDog was up to. Health Gorilla denies this, and says GuardDog refused to cooperate with an investigation. |
| These admissions could have some big implications for the other defendants in the case. They also potentially expose a weakness in the way patient data are shared throughout the US health system. It’s not clear to me if patients consented to having their data shared with law firms. Epic says they didn’t, and if that’s true, that’s a big abuse of patient trust. |
| Health Gorilla argues that Epic’s lawsuit has done damage by "calling into question the networks’ ability to self-police." And while I certainly don’t think Epic should be appointed as the rules enforcer, I’m left wondering if blind trust is really the best way for these data-sharing networks to operate. |
| - Shelby |
