Health Gorilla has filed a motion to dismiss a lawsuit brought by Epic and several health systems, arguing the case threatens the stability of nationwide interoperability frameworks used to exchange patient information.
In a Feb. 26 press release announcing the filing, Health Gorilla said the lawsuit amounts to “an attack on interoperability,” contending it could jeopardize patient safety and efficient healthcare delivery nationwide. The company said its motion asks the court to dismiss what it characterizes as a healthcare governance dispute that should have been resolved through existing contractual processes.
The lawsuit, filed Jan. 13 in the U.S. District Court for the Central District of California by Epic, OCHIN, Richmond, Ind.-based Reid Health, Livonia, Mich.-based Trinity Health and Worcester, Mass.-based UMass Memorial Health, accuses Health Gorilla and several other defendants of improperly accessing and monetizing patient medical records through national health information exchange frameworks.
The complaint alleges tens of thousands of patient records were obtained under the premise that the data was needed for treatment purposes and later rerouted to mass tort litigation marketing services. Plaintiffs argue the alleged conduct threatens patient privacy and undermines trust in nationwide interoperability systems.
According to the complaint, the defendants exploited two national interoperability frameworks — Carequality and the Trusted Exchange Framework and Common Agreement, or TEFCA — which are intended to allow providers to exchange patient records for legitimate treatment purposes. The lawsuit alleges certain entities posed as medical providers to gain access to records and then used the data for non-treatment purposes without patient consent.
Health Gorilla, a designated Qualified Health Information Network under TEFCA, is named as a central defendant. The lawsuit also names RavillaMed and entities affiliated with Mammoth Health and Unit 387. The plaintiffs are seeking injunctive relief to halt the alleged conduct and bar the defendants from accessing national interoperability frameworks.
In its motion to dismiss, Health Gorilla argues the plaintiffs bypassed mandatory contractual dispute resolution procedures designed to allow interoperability networks to self-govern and resolve disagreements through established mechanisms. Instead, the company said in its press release, the plaintiffs escalated what it describes as a governance dispute into federal litigation.
The motion also contends the lawsuit relies on information Health Gorilla voluntarily provided to Epic during a monthslong investigation involving Carequality, the TEFCA network administrator and several large health providers. The company framed that cooperation as evidence of its commitment to vetting concerns and protecting the integrity of the system, noting that none of the providers that participated in its investigation are plaintiffs in the case.
“Carequality and TEFCA protect patients by ensuring clinicians have the information they need at the point of care,” Bob Watson, CEO of Health Gorilla, said in the press release. “Bypassing them risks destabilizing systems that hundreds of millions of patients and providers depend on.”
Health Gorilla said its priority remains preserving reliable treatment access while protecting privacy, security and the integrity of the national interoperability ecosystem.
“Medical records are deeply personal and exploiting them is wrong. In its motion, Health Gorilla asserts it should be dismissed as a defendant in the lawsuit because it had a ‘lack of actual knowledge’ of wrongdoing,” an Epic spokesperson told Becker’s. “That is not an acceptable reason — Health Gorilla had a responsibility to safeguard sensitive patient data and know why it was being taken.”
The spokesperson added that the public deserves a complete investigation and transparent resolution in federal court.
“It should not be done behind closed doors,” the Epic spokesperson said.
At the Becker's 11th Annual IT + Revenue Cycle Conference: The Future of AI & Digital Health, taking place September 14–17 in Chicago, healthcare executives and digital leaders from across the country will come together to explore how AI, interoperability, cybersecurity, and revenue cycle innovation are transforming care delivery, strengthening financial performance, and driving the next era of digital health. Apply for complimentary registration now.
