Epic Systems asked the court Thursday evening to support its motion to dismiss Particle Health’s complaint that the company violated a federal antitrust statute.
In addition to detailing why the plaintiff failed to allege “tortious interference” with prospective business relationships and contracts, Epic said in the filing that the case was retribution for revealing that Particle had enabled some of its customers to obtain confidential patient medical records under false pretenses on the Carequality health information exchange network.
To help providers keep their privacy promises to patients and comply with HIPAA and state disclosure laws – while scaling the automatic exchange of patient data – an Epic representative said the company believes vetting and onboarding participants is essential to upholding data privacy promises made to patients.
WHY IT MATTERS
In September, Particle Health filed a lawsuit against Epic in the Southern District of New York. In Particle Health Inc. v. Epic Systems Corporation, the data exchange and analytics company claimed that the electronic health record (EHR) giant was trying to use its size and market share to squash competition in the payer interoperability market.
“Particle alleges a gerrymandered market artificially restricted to a single set of customers – payers – while wishing away all the competing products that perform the same functions as Particle’s product,” Epic said in its memorandum to dismiss shared with Healthcare IT News.
The company fails to “plausibly allege anticompetitive conduct,” Epic said.
Epic told Healthcare IT News that it validates endpoints as a Qualified Health Information Network under the Trusted Exchange Framework and Common Agreement, an implementer on the Carequality network and in providing interoperability support and directory services to its EHR customers.
It does this because participants of networks that falsely assert treatment purposes can theoretically take large volumes of patients’ medical records, without real-time manual review. Providers, therefore, do not have the opportunity to review whether the data requests met the conditions of use and cannot ensure that HIPAA protections are upheld, the company said.
While many interoperability networks help providers facilitate the exchange of patient information and there are rules for onboarding participants seeking to automatically receive patient data for treatment purposes, there could be a liability for HIPAA-covered entities that send patient data to questionable endpoints.
Such HIPAA gaps in data exchange networks – what Epic is calling a crisis of trust in health data exchange – allow for limited recourse under the law for certain endpoints that request and exchange data but are not HIPAA-covered entities.
The question is whether gaps in trust-based interoperability networks and frameworks might lead some health systems to consider forgoing participation in TEFCA. Interoperability works when everyone follows the same rules of engagement, and the more guardrails there are, the faster data can flow.
THE LARGER TREND
In a letter this past October asking Judge Naomi Reice Buchwald to toss out the Particle Health lawsuit, a legal representative of Epic called the suit a baseless attempt to “distract from the public reckoning stemming from Particle’s customers violating patient privacy by improperly accessing patient records for non-treatment purposes.”
At issue is a Carequality dispute, initially filed by Epic last year, that has led to public sparring over data transparency and connecting new customers to interoperability networks.
Epic said previously that it opened the dispute when it learned that a non-HIPAA-regulated entity requested to become an endpoint under a different name through the Carequality network and, in doing so, had received patient records under the guise of treatment but for a different purpose.
During Carequality’s dispute resolution process, the network said Particle confirmed that the covered entity’s use of the network is specific to treatment.
“The third customer in question could be engaging in exchange through Carequality for treatment purposes. This customer serves as a Business Associate of healthcare providers,” the network said in a statement, calling the matter resolved.
“Particle Health agreed to secure additional written documentation from its customer to confirm that its customer has documentation of the relationships related to the healthcare providers for whom it provides services.”
The company in question that received hundreds of thousands of records of patient data through Particle’s gateway has since been unable to confirm that its purposes in requesting the patient data were treatment-related and has indicated it will delete the records, Epic said. It may still be active on the Carequality network, though Epic’s customers have been disconnected from it with the dispute.
“Particle Health provided Carequality and Epic with the attestations needed for all three customers in question, including an attestation of the BAAs for the payer-provider relationships,” a Particle Health spokesperson said in an email response to this story Friday. “The information was accepted by Carequality within the required timeframe, as outlined in the resolution. Epic’s statement is a misrepresentation,” they told Healthcare IT News.
Under HIPAA, payers should obtain only the minimum necessary data for payment purposes to avoid discriminatory reimbursement and imposing on medical decisions.
Where vetting payer endpoints gets cloudy is what is labeled as payer-initiated care coordination services on behalf of providers and may request full access to medical records. Such agreements must be documented by the payer through business associate agreements, according to Epic.
Though TEFCA has taken steps to increase governance, interoperability frameworks – networks of networks – are not required under existing federal laws and policies to exhaustively vet endpoints.
It is unknown whether Carequality will reopen the dispute to follow up on corrective actions, but Healthcare IT News has reached out for comment and will update this story if there is one.
ON THE RECORD
“Particle’s invented claims are supported only by conclusory allegations and conjecture, and should be dismissed in their entirety with prejudice,” Epic said in its court filing.
“We are pleased that Epic agreed to a prompt schedule for briefing its motion to dismiss, and are confident that our claims will survive the motion,” a Particle Health spokesperson told Healthcare IT News by email on Wednesday.
This article was updated on December 20, 2024, with an additional response from Particle Health.
Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.
