Epic Systems asked the court Thursday evening to support its motion to dismiss Particle Health’s complaint that the company violated a federal antitrust statute.
In addition to outlining why the plaintiff failed to allege tortious interference with potential business relationships and contracts, Epic said in the filing that the suit was in retaliation for the revelation that Particle had enabled some of its customers to obtain confidential medical records from patients under false pretenses. on the healthcare information exchange network Carequality.
To help providers keep their privacy promises to patients and comply with HIPAA and state disclosure laws — while scaling up the automatic exchange of patient data — an Epic representative said the company believes that vetting and onboarding of participants is essential to delivering on data privacy promises to patients.
WHY IT’S IMPORTANT
In September, Particle Health filed a lawsuit against Epic in the Southern District of New York. In Particle Health Inc. v. Epic Systems Corporationthe data sharing and analytics company alleged that the electronic health record (EHR) giant was trying to use its size and market share to undermine competition in the payer interoperability market.
“Particle alleges a gerrymandered market that is artificially limited to a single group of customers – payers – while wishing away all competing products that perform the same functions as Particle’s product,” Epic said in its memorandum to dismiss , shared with Healthcare IT news.
The company fails to “plausibly allege anticompetitive conduct,” Epic said.
Epically told Healthcare IT news that it validates endpoints as a Qualified Health Information Network under the Trusted Exchange Framework and Common Agreement, an implementer on the Carequality Network and in providing interoperability support and directory services to its EHR customers.
This happens because participants in networks that falsely claim treatment purposes can theoretically collect large amounts of patients’ medical records, without real-time manual review. Providers therefore do not have the ability to assess whether the data requests meet the terms of use and cannot guarantee that HIPAA protections will be enforced, the company said.
While many interoperability networks help providers facilitate the exchange of patient information and there are rules for onboarding participants who wish to automatically receive patient data for treatment purposes, there may be liability for HIPAA covered entities that send patient data to questionable endpoints.
Such HIPAA gaps in data sharing networks – what Epic calls a crisis of trust in health data exchanges – allow for limited remedies under the law for certain endpoints that request and exchange data but are not HIPAA covered entities.
The question is whether gaps in trust-based interoperability networks and frameworks could lead some healthcare systems to consider opting out of TEFCA. Interoperability works when everyone follows the same rules, and the more guardrails there are, the faster data can flow.
THE BIG TREND
In a letter last October asking Judge Naomi Reice Buchwald to dismiss the Particle Health lawsuit, a legal representative for Epic called the lawsuit a baseless attempt to “distract from the public reckoning arising from the fact that Particle’s customers violating patient privacy by inappropriately accessing patient records for non-treatment purposes.”
At issue is a Carequality dispute, initially filed last year by Epic, that has led to public sparring over data transparency and connecting new customers to interoperability networks.
Epic previously said it opened the dispute when it learned that a non-HIPAA regulated entity had requested to become an endpoint under a different name through the Carequality network, receiving patient records under the guise of treatment, but for another purpose.
During Carequality’s dispute resolution process, the network confirmed that Particle confirmed that the covered entity’s use of the network is specific to treatment.
“The third customer in question could make an exchange through Carequality for treatment purposes. This customer serves as a business partner of healthcare providers,” the network said in a statement, calling the case resolved.
“Particle Health agreed to obtain additional written documentation from its client to confirm that its client has documentation of the relationships involving the health care providers for whom it provides services.”
The company in question, which received hundreds of thousands of records of patient data through Particle’s gateway, has since been unable to confirm that the purposes for requesting the patient data were related to treatment and has indicated that it will delete the records. It may still be active on the Carequality network, although Epic’s customers have been disconnected due to the dispute.
Under HIPAA, payers may obtain only the minimum necessary data for payment purposes to avoid discriminatory reimbursement and imposition of medical decisions.
Where vetting payer endpoints becomes unclear is what is referred to as payer-initiated care coordination services on behalf of providers and who may request full access to medical records. Such agreements must be documented by the payer through business associate agreements, according to Epic.
Although TEFCA has taken steps to improve governance, interoperability frameworks – networks of networks – are not required under existing federal laws and policies to comprehensively examine endpoints.
It is not known whether Carequality will reopen the dispute to follow up on corrective action, but Healthcare IT news has requested comment and will update this story if any.
ON THE RECORD
“Particle’s fabricated claims are supported only by conclusive allegations and suspicions and must be dismissed in their entirety with prejudice,” Epic said in its court filing.
“We are pleased that Epic has agreed to an expeditious schedule for notifying the motion to dismiss, and are confident that our claims will survive the motion,” a Particle Health spokesperson told us. Healthcare IT news by email on Wednesday.
Andrea Fox is editor-in-chief of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.