Epic and major health systems file lawsuit against companies exposing patient records
Epic with OCHIN, Reid Health, Trinity Health, and UMass Memorial Health filed a lawsuit against companies who were allegedly using patient records to make money, according to an announcement.
There were nearly 300,000 known affected patients. The plaintiffs aim to “defend patient privacy and protect sensitive medical information.”
The defendants include: Health Gorilla, Inc.; RavillaMed PLLC; Avinash Ravilla; Shere Saidon; LlamaLab, Inc.; Unique Medi Tech LLC, d/b/a Mammoth Dx; Mammoth Path Solution, LLC; Mammoth Rx, Inc.; Ryan Hilton; Daniel Baker; Max Toovey; Unit 387 LLC; SelfRx, LLC d/b/a Myself.Health; Critical Care Nurse Consultants, LLC d/b/a GuardDog Telehealth; Hoppr, LLC; Meredith Manak, and DOES 1-100. The lawsuit alleges that Health Gorilla allowed the other companies unauthorized access for over 300,000 global patient medical records and profited from it.
The announcement states that OCHIN, Reid Health, Trinity Health, UMass Memorial Health, and Epic claim that the defendants:
- "Operate as organized syndicates to monetize patient records without patients' knowledge or consent."
- "Request patient records for the purpose of treating patients but take patient records for other purposes including to market them to lawyers looking for potential claimants … to join mass tort or class action lawsuits."
- "Obscure their true purpose through fictitious websites, shell entities, and sham National Provider Identification (NPI) numbers … to create an illusion of legitimate patient treatment activity."
- Cover their tracks by inserting junk data into patient medical records "to give the false impression that they are treating patients, which risks patient safety and wastes valuable clinician time."
They also claim that the defendants would create new companies to continue profiting from patient records when caught.
