Health Gorilla Asks Court to Dismiss Epic Lawsuit

The digital health company is fighting charges from the EHR giant that it and others improperly accessed protected health information. Another company charged in the suit is also asking for a dismissal.

At least two digital health companies being sued by Epic over charges of improperly accessing patient medical records is asking the court to dismiss the suit.

Health Gorilla has filed a motion to dismiss the January lawsuit, which charged the company and several others with using fictitious websites, shell entities and fake NPI (National Provider Identification) numbers to request patient data, which was then marketed to “lawyers looking for potential claimants … to join mass tort or class action lawsuits.” The defendants then allegedly inserted “junk data” into those records “to give the false impression that they are treating patients, which risks patient safety and wastes valuable clinician time.”

According to Health Gorilla officials, the lawsuit is “part of a pattern of conduct by Epic to deter both its competitors and customers from embracing innovation in interoperability, which undermines the framework and risks a more efficient, safer healthcare system.”

Company officials said Health Gorilla, which has met federal data sharing standards as a Qualified Health Information Network (QHIN) under the Trusted Exchange Framework and Common Agreement (TEFCA), “willingly cooperated in investigations concerning certain network participants, during a months-long, exhaustive and voluntary process involving Carequality, the TEFCA network administrator, and several of the nation’s largest health providers.”

“Carequality and TEFCA protect patients by ensuring clinicians have the information they need at the point of care,” Health Gorilla CEO Bob Watson said in the press release announcing the motion to dismiss. “Bypassing them risks destabilizing systems that hundreds of millions of patients and providers depend on.”

[Also read: Epic Lawsuit Puts EHR Access in a Harsh Spotlight.]

Epic officials responded quickly to the announcement.

“Medical records are deeply personal and exploiting them is wrong,” an Epic spokesperson said in an e-mail. “In their motion, Health Gorilla asserts that they should be dismissed as a defendant in the lawsuit because they had ‘lack of actual knowledge’ of wrongdoing. That is not an acceptable reason – Health Gorilla had a responsibility to safeguard sensitive patient data and know why it was being taken. The public deserves a complete investigation and transparent resolution in federal court. It should not be done behind closed doors.”

Joining the lawsuit are Epic customers UMass Memorial Health, Trinity Health, Reid Health and OCHIN (Oregon Community Health Information Network). It cites violations of both the Federal Computer Fraud and Abuse Act and California’s Business and Professions Code.

Also filing a motion to dismiss is LlamaLab, one of more than a dozen companies that Epic charged with accessing data through the Health Gorilla framework. The company says it “helps victims of catastrophic injuries and corporate negligence retrieve the critical records they need to build their cases and get the financial relief they deserve.”

“Epic's 90-page complaint sweeps LlamaLab into a case with over a dozen other defendants,” company officials said in a press release. “These defendants span three entirely separate groups, operating in different states, on different timelines, with different business models. LlamaLab has no connection to any of the other companies and individuals named in the case. As detailed in the filings, these groups had ‘no coordinated plan, no conspiracy, no communication with one another,’ and no business relationship of any kind. Epic has also reserved the right to add up to 100 more unnamed defendants to the case.”

“Crucially, Epic grouped LlamaLab into the same lawsuit as an individual with a federal criminal conviction for conspiracy to defraud the United States and a bar from the SEC,” the release continued. “LlamaLab has never met, spoken to, or worked with that individual or any of the other defendants. The filings warn against Epic's attempt to manufacture ‘guilt by association’ and the risk that a jury would unfairly hold evidence about one defendant against another.”

"Patient privacy has always come first,” the company’s founder, Shere Saidon, said in the release. “We have never sold, stolen, or misused patient data, and we never will. This lawsuit isn't about protecting patients; it's about a gatekeeper protecting its dominance by targeting companies that try to make it easier for patients to retrieve their own medical records. It is a transparent attempt by a market-dominant player to crush potential competition and protect its own revenue streams."