What You Should Know
– Epic Systems—alongside OCHIN, Reid Health, Trinity Health, and UMass Memorial Health—has filed a major lawsuit against the health information network Health Gorilla and companies including Mammoth and RavillaMed.
– The lawsuit alleges the defendants operated an “organized syndicate” to improperly access and monetize nearly 300,000 patient records from the Epic community, alongside an unknown number of records from the VA and other EHR providers, for purposes such as marketing to mass tort lawyers.
The “Hydra” Scheme: Allegations of Fictitious Providers
The legal filing describes a sophisticated operation designed to create an “illusion of legitimate patient treatment activity” while harvesting sensitive medical data.
- Shell Entities: Defendants allegedly used fictitious websites, shell companies, and sham National Provider Identification (NPI) numbers to request records under the guise of treating patients.
- Data Monetization: Once accessed, the records were reportedly marketed to lawyers seeking claimants for class action or mass tort lawsuits, rather than being used for clinical care.
- Junk Data Infiltration: To “cover their tracks,” the defendants reportedly inserted junk data into patient medical records to give a false impression of treatment, a move Epic claims wastes clinician time and directly risks patient safety.
- The Hydra Effect: The lawsuit claims that when one entity is caught, the operators simply “birth a new one,” allowing the fraudulent activity to continue under a different name.
A Threat to Interoperability: Protecting the ‘Promises to Patients’
As the leading EHR developer in the U.S., supporting over 3,400 hospitals and 195 million patients, Epic argues that these bad actors put the entire healthcare ecosystem at risk.
Interoperability—the ability for different systems to share data—is the “crown jewel” of modern medicine, enabling doctors to see a patient’s full history to improve outcomes. Epic’s suit argues that by abusing this trust, the defendants are putting the “enormous positive outcomes achieved through interoperability at imminent risk”.
Health Gorilla’s Response: Denials and Counter-Allegations
In a formal statement, Health Gorilla “vehemently” denied the allegations, characterizing the lawsuit as a strategic move by Epic to stifle competition and maintain its dominant market position.
We vehemently deny the allegations against Health Gorilla by Epic. This is yet another example of Epic’s exclusionary actions that limit competition
and restrict access to healthcare data. These actions reflect broader, ongoing concerns raised by others in the industry and by government actors about monopolistic practices in health information exchange by Epic. Health Gorilla supports efforts to promote competition, patient choice, and fair access to healthcare data.
Health Gorilla exists to ethically serve the clinical community and aligned healthcare innovators by enabling secure, appropriate access to health information—including for organizations and use cases that Epic does not directly serve. Because this is active litigation, we can’t comment on specific allegations. What we can say is this: Health Gorilla denies the allegations, has acted in good faith, and will vigorously defend the claims against Health Gorilla.
When Epic raised concerns regarding four entities three months ago, we acted promptly and we have been working constructively with Epic and the relevant network authorities to address those concerns. Patients and providers depend on trusted, open interoperability to support care. We intend to be part of the solution through transparency, accountability, and continued investment in privacy and safeguards.
