Epic is dismissing its claims against a defendant in a major lawsuit brought by the electronic health record alleging health data network Health Gorilla allowed several clients to improperly access patient records for financial gain.
Legal claims will be dropped against chronic condition management firm SelfRx, after the company’s founder Martin Hensel denied requesting thousands of patient records from providers, according to court documents filed Wednesday. Epic had alleged SelfRx, which went out of business last year, had taken more than 100,000 patient records as part of a scheme to sell patient data to law firms for assembling class-action lawsuits.
Instead, Hensel said in written testimony that SelfRx had requested records for just 21 patients, and SelfRx ultimately received data for 15 of them — totaling fewer than 100 health records.
“I do not know who took those over 100,000 patient records,” he wrote.
Hensel said SelfRx partnered with intermediary data broker Unit 387 to retrieve patient records under the interoperability framework Carequality. He claimed SelfRx didn’t give Health Gorilla or Unit 387 permission to ask for patient records on its behalf.
Additionally, the company’s connection to Carequality was supposed to be governed by a written contract, but Hensel claimed SelfRx never officially signed onto it, and neither Health Gorilla nor Unit 387 had SelfRx execute the contract either.
Unit 387 couldn’t be reached for comment.
Epic’s lawsuit has become a flash point in a larger debate over health data interoperability. The lawsuit, filed in January alongside other plaintiffs including health systems Reid Health, Trinity Health and UMass Memorial Health Care, alleges the defendants are abusing data exchange frameworks, pretending to be providers who need records to treat patients and then monetizing the data.
But Health Gorilla has argued the EHR giant is using the lawsuit to restrict the free flow of health data, potentially limiting providers’ ability to deliver safe and effective care.
Epic alleges in its lawsuit that Health Gorilla didn’t properly vet its clients. In March, another defendant in the lawsuit, GuardDog Telehealth, admitted to improperly accessing patient records to provide them to law firms.
The company also said Unit 387 had masked itself as GuardDog’s predecessor firm, Critical Care Nurse Consulting, to request medical records without its knowledge.
In a statement Wednesday, Health Gorilla asserted that it has acted appropriately and investigated concerns about its clients in good faith.
A spokesperson for Health Gorilla said the plaintiffs in the Epic case had bypassed dispute resolution processes required by interoperability frameworks and instead worked to “publicly accuse numerous parties, including SelfRx, which has now been dismissed from the case with prejudice.”
In response to a request for comment on the dismissal, an Epic spokesperson pointed toward a blog post detailing recent updates of the case.
