HIPAA Blog

[ Tuesday, March 17, 2026 ]

Epic Ramps Up the Fight: It appears that Epic is not happy simply rousing up some of its customers to sue Health Gorilla regarding potential improper access to PHI through the CareQuality interoperability framework, part of Epic's Health Information Exchange structure, it seems that they are moving forward on multiple fronts. Background here. A few days ago, it was announced that they reached a settlement with GuardDog Telehealth, one of Health Gorilla's co-defendants, which apparently included an admission by GuardDog that they did, in fact, take PHI and provide it to trial lawyers looking for plaintiffs. This will bolster Epic's claims against Health Gorilla.

Now, it looks like Epic has reported to UPMC that it believes UPMC's system has suffered a HIPAA-reportable data breach, as part of the same pattern of access by Health Gorilla. This leverages UPMC to report the breach to potentially affected individuals, which will bring OCR into the mix as another entity looking at Health Gorilla's activities.

This will be interesting to watch. Epic does not have a reputation for playing nice.

Jeff [8:35 AM]

Comments: Post a Comment

http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template