Overview
- Epic, OCHIN, Reid Health, Trinity Health and UMass Memorial filed the suit Jan. 13 in the U.S. District Court for the Central District of California.
- The complaint alleges nearly 300,000 patient records from Epic users were retrieved under false pretenses through Carequality and TEFCA pathways for non-treatment uses, with additional records reportedly drawn from other providers including the VA.
- Plaintiffs say defendants posed as providers using shell entities, sham NPI numbers and fictitious websites, then injected junk clinical documents to mimic care activity.
- Health Gorilla, a TEFCA-designated QHIN, is accused of insufficient vetting of participants and ignoring red flags; the company denies wrongdoing and claims Epic is restricting data access to stifle competition.
- The filing cites a pattern of rebranding by entities flagged for misuse, including a firm banned in 2024 followed by a related company resuming access, and warns the conduct erodes trust in interoperability and burdens providers with monitoring and remediation.