Epic’s high-profile lawsuit over the alleged misuse of patient data just scored its first major concession.
Last Friday, GuardDog Telehealth — one of the defendants accused of exploiting interoperability networks to obtain people’s health information — admitted in a legal filing that it falsely represented itself as providing treatment in order to access medical records.
Epic’s complaint, filed January 13, claims that Health Gorilla enabled other companies to inappropriately access and monetize nearly 300,000 patient medical records. Health Gorilla has denied the allegations.
How Artera is Using Agentic AI to Humanize Patient Care
Artera President Tom McIntyre talks about the practical application of AI in healthcare.
The plaintiffs are Epic, Trinity Health, UMass Memorial Health, Reid Health and OCHIN. They allege that Health Gorilla and a network of other companies set up fictitious healthcare providers, shell websites and fake provider IDs to make it look like records requests were for real treatment purposes. Instead, the data was allegedly diverted for non-treatment uses — such as marketing to lawyers seeking potential claimants for lawsuits.
GuardDog is one of the other companies involved in the network, and the rest are a cluster of small telehealth, data and shell companies — many allegedly linked to the same founders and operators — that the plaintiffs say were used to pose as legitimate providers.
The complaint also stated that the defendants inserted “junk” information into records to hide their activity and give the appearance of genuine care, which in turn risked patient safety and wasted clinician time. When one fraudulent entity was exposed, the same actors allegedly created new companies to continue the same conduct, operating “like a Hydra,” according to the lawsuit.
On February 26, Health Gorilla then filed a motion to dismiss a lawsuit, calling it “an attack on interoperability.” About two weeks later, GuardDog threw an even bigger wrinkle in the case by admitting in a court filing that it misrepresented its services to obtain patient records.
The New Blueprint: How Clever Care Health Plan is Scaling Its Member Experience [Video]
MedCity News was at the Vive conference and spoke with executives who shared their insights for the healthcare industry.
“GuardDog admits that, since it began operating as a company in 2024, its goal was to provide chronic care management and remote patient monitoring for patients, but that did not happen. For the duration of its existence, its business instead focused on requesting, reviewing, and summarizing medical records, and providing those medical records to law firms,” the filing read.
As part of its settlement with Epic and the other plaintiffs, the company agreed to stop accessing records through major interoperability frameworks, as well as to delete any patient data it gathered through those systems.
Epic said it is still fighting against Health Gorilla and the remaining defendants.
Health Gorilla maintains that GuardDog’s consent judgement changes nothing for the company.
“If you read carefully, GuardDog does not state it ever informed Health Gorilla of any non-treatment use of patient information, and we are prepared to demonstrate it did not. In addition, when Health Gorilla sought to investigate GuardDog along with the interoperability networks and several major health providers, GuardDog failed to respond and refused to cooperate,” the company said in a statement sent to MedCity News.
GuardDog’s admission may be the first crack in the case, but Epic’s battle against Health Gorilla is not yet over — and the outcome could shape how data interoperability is governed across the healthcare industry.
Photo: OsakaWayne Studios, Getty Images