The interoperability framework for healthcare quality issued the results of an independent resolution in the dispute between Epic and Particle Health on Tuesday, but both sides appear further entrenched in their stated opposition.
“The Carequality Steering Committee resolution confirms that Particle Health customers improperly accessed people’s medical records by falsely claiming to treat them as patients,” an Epic spokesperson said. Healthcare IT news by email on Wednesday. “The resolution affirms that Epic and its customers have taken appropriate measures to protect patient privacy.”
“We consider this resolution a victory,” Particle Health CEO Jason Prestinario said in a statement also emailed the same day. “Quality of Care voided Epic’s original dispute, and Epic has agreed to implement greater transparency and open communication, with a six-month monitoring period to ensure compliance with this agreement.”
Due diligence questions
In September, Particle filed an antitrust lawsuit in the Southern District of New York, alleging that Epic Systems uses its monopoly on electronic health records to deny its vendor customers access to data and stifle competition in the payment platform market.
In response to the filing, Epic asked Carequality to release the dispute resolution, but the interoperability framework said last week it could not release information until the resolution process was complete.
A panel of Carequality community members and outside subject matter experts reviewed Epic’s March and Particle Health claims regarding each other’s participation in the framework.
According to Carequality, Epic alleged that three Particle customers submitted queries for treatment purposes when they were not, and while it appeared that two of them had signed authorizations, the data was not intended for treatment purposes.
“It appears that Particle Health conducted due diligence on each of the three customers for onboarding purposes, although this due diligence activity failed to uncover inaccurate information provided by each customer,” Carequality said in a statement Tuesday summary of its dispute resolution findings.
Subsequently, Particle terminated the contracts with those specific organizations in June, and they are also no longer Carequality Connections. They will be terminated for 12 months, and reintroduction into the framework will require the approval of the network’s steering committee.
“The resolution affirms that Epic and its customers have taken appropriate measures to protect patient privacy,” Epic said in a statement.
Unclear technical requirements
Particle acknowledged that one customer had inappropriately recorded data, and a second customer admitted to inappropriately recorded data, Epic said.
For the third organization, Particle agreed to secure additional documentation regarding its relationships with healthcare providers and agreed to a six-month corrective action plan to comply with Carequality’s process requirements.
“Carequality discovered that the customer did not require HIPAA agreements with those organizations,” Epic said.
In the solutionsaid Carequality asked Epic Particle to “delete and confirm the deletion of data obtained through Carequality, in violation of HIPAA and Carequality policies.”
While one of Particle’s now terminated customers confirmed in an email to Particle that “it has deleted all patient health data obtained through Particle out of an abundance of caution,” the resolution said, the other must do so within 20 days.
The customer who did not have required HIPAA agreements has 20 days to provide proof of a valid agreement or must also delete the obtained information.
Although Epic and Particle agreed to Carequality’s release of the resolution, the framework said it released a redacted version because multiple parties declined, and three Particle customers in question are not named.
Epic has tasked the public health data analytics provider with masking its customers based on interpretations of network technical requirements, Carequality said.
“It was demonstrated that Particle Health was not using a ‘masking gateway,’” the report said, noting that the dispute helped clarify the technical requirements within the framework.
“Epic has agreed to update its policy to include clear, objective criteria that can be used by Epic to determine whether Epic believes that an organization participating in Carequality is providing treatment and, for a six-month period, to provide information to Carequality to confirm that it is acting in accordance with this policy,” the summary said.
Meanwhile, Epic said the resolution reveals data transparency deficiencies in Particle’s process of connecting new customers to the framework and was also warned about misleading marketing.
“Particle lawsuits have failed to prevent inappropriate customer access to medical records from thousands of hospitals across America,” Epic said. “Particle places applicant information in a different location than almost every other Carequality provider.”
For its part, Carequality said it has initiated new compliance monitoring and audit processes to proactively identify potential future issues.
Stated positions
“We remain committed to maintaining the trust embedded in our interoperability framework and protecting sensitive patient information,” Carequality said in a statement. “The resolution of these disputes not only validates the effectiveness of our framework, but also highlights our steadfast commitment to advancing interoperability while protecting patient data.”
“The greater transparency and clarity outlined – especially as it calls on Epic to make changes for more open communication with the ecosystem – will benefit all participants and drive positive innovation for patient care,” Prestinario said.
“Epic did not single out Particle or its customers,” the EHR giant said.
Andrea Fox is editor-in-chief of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.