Health data network Health Gorilla has filed a motion to dismiss a lawsuit brought earlier this year by Epic and several health systems alleging improper access to patient records.
The motion, filed last Thursday, called Epic’s lawsuit “an attack on interoperability.”
The dispute reflects unresolved ambiguities in how data interoperability should be governed across the healthcare industry. Experts think the lawsuit is less about stopping one bad actor — and more about the need to define standardized rules and boundaries around healthcare data exchange.
Epic’s complaint, filed January 13, claims that Health Gorilla enabled other companies to inappropriately access and monetize nearly 300,000 patient medical records. Health Gorilla has denied the allegations.
The plaintiffs are Epic, Trinity Health, UMass Memorial Health, Reid Health and OCHIN. They allege that Health Gorilla and a network of other companies set up fictitious healthcare providers, shell websites and fake provider IDs to make it look like records requests were for real treatment purposes. Instead, the data was allegedly diverted for non-treatment uses — such as marketing to lawyers seeking potential claimants for lawsuits.
The other companies involved in the network are a cluster of small telehealth, data and shell companies — many allegedly linked to the same founders and operators — that the plaintiffs say were used to pose as legitimate providers.
The complaint also stated that the defendants inserted “junk” information into records to hide their activity and give the appearance of genuine care, which in turn risked patient safety and wasted clinician time. When one fraudulent entity was exposed, the same actors allegedly created new companies to continue the same conduct, operating “like a Hydra,” according to the lawsuit.
In its motion to throw out the case, Health Gorilla argued that the dispute should be handled through the networks’ built-in governance and dispute resolution processes rather than federal litigation.
The company also said it cooperated with months-long investigations into the issue, and it maintains that Epic’s lawsuit threatens the stability of national data sharing systems used by providers.
“Epic tries to paint itself as a good actor because it has come under sustained criticism and inquiry from regulators and private plaintiffs for its widespread unfair business practices, and it desperately needs a distraction from its primary goals, which are to continue enriching itself at the expense of patients nationwide. The case should be dismissed,” Health Gorilla’s motion stated.
The Health Gorilla lawsuit is the latest in a series of legal disputes for Epic, which is also locked in a high-profile battle with data platform Particle Health.
In September 2024, Particle Health sued Epic over claims that the EHR vendor is using its dominance in the market to prevent competition in the payer platform space. The complaint claims that Epic imposed technical and contractual barriers that limited access to patient data, which has effectively blocked rivals from building competing payer-facing platforms. Last September, a federal judge advanced the antitrust lawsuit.
Epic is fighting vigorously in both lawsuits.
“Medical records are deeply personal and exploiting them is wrong. In their motion, Health Gorilla asserts that they should be dismissed as a defendant in the lawsuit because they had ‘lack of actual knowledge’ of wrongdoing. That is not an acceptable reason — Health Gorilla had a responsibility to safeguard sensitive patient data and know why it was being taken,” an Epic spokesperson said in a statement sent to MedCity News.
The EHR giant added that the public deserves a complete investigation and resolution in federal court rather than behind closed doors.
Photo: SimpleImages, Getty Images
