Epic‘s high-profile lawsuit over alleged misuse of patient data just marked its first major concession.
Last Friday, GuardDog Telehealth — one of the defendants accused of exploiting interoperability networks to obtain information about people’s health — admitted in a court filing that it falsely represented itself as providing treatment in order to access medical records.
Epic’s complaintfiled Jan. 13, claims Health Gorilla allowed other companies to improperly access and monetize nearly 300,000 patient medical records. Health Gorilla has denied the allegations.
The plaintiffs are Epic, Trinity Health, UMass Memorial Health, Reid Health And OCHIN. They allege that Health Gorilla and a network of other companies created fictitious health care providers, fictitious websites, and fake provider identifiers to make it appear that records requests were for genuine treatment purposes. Instead, the data was allegedly misused for non-therapeutic purposes, such as marketing to lawyers seeking potential plaintiffs for lawsuits.
GuardDog is one of the other companies involved in the network, and the others are a group of small telehealth, data and display companies – many of which are allegedly linked to the same founders and operators – that the plaintiffs say were used to pose as legitimate providers.
The complaint also stated that the defendants inserted “junk” information into the records to hide their activity and give the appearance of genuine care, thereby endangering patient safety and wasting clinicians’ time. When a fraudulent entity was revealed, the same actors would create new companies to continue the same behavior, operating “like a hydra,” according to the lawsuit.
On February 26, Health Gorilla then filed a motion to dismiss a lawsuit, calling it an “attack on interoperability.” About two weeks later, GuardDog threw an even bigger problem into the case by admitting in a court filing that she misrepresented her services to obtain patient records.
“GuardDog admits that since it began operating as a company in 2024, its goal was to provide chronic care management and remote patient monitoring, but this did not occur. For the entire duration of its existence, its business was instead focused on requesting, reviewing, and summarizing medical records, and providing those medical records to law firms,” the filing states.
As part of its settlement with Epic and the other plaintiffs, the company agreed to stop accessing records through major interoperability frameworks, as well as to delete all patient data collected through these systems.
Epic said it is still fighting Health Gorilla and the other defendants.
Health Gorilla maintains that GuardDog’s consent judgment changes nothing for the company.
“If you read carefully, GuardDog makes no representation that it ever informed Health Gorilla of any non-therapeutic use of patient information, and we are prepared to demonstrate that this is not the case. Additionally, when Health Gorilla sought to investigate GuardDog as well as Interoperability Networks and several major healthcare providers, GuardDog was unresponsive and refused to cooperate,” the company said in a statement sent to MedCité News.
GuardDog’s admission may be the first crack in the case, but Epic’s battle against Health Gorilla isn’t over yet — and the outcome could shape how data interoperability is governed in the healthcare industry.
Photo: Osaka Wayne Studios, Getty Images
