Epic, health systems file agreement to bar GuardDog from health data networks

 Epic and several health systems have filed a stipulated judgment and proposed permanent injunction with telehealth company GuardDog Telehealth that, if entered by the court, would bar the company from accessing certain national health data-sharing networks and require it to delete patient records obtained through them.

The agreement, filed March 13 in the U.S. District Court for the Central District of California, resolves claims for injunctive relief brought by Epic, OCHIN, Richmond, Ind.-based Reid Health, Livonia, Mich.-based Trinity Health and Worcester, Mass.-based UMass Memorial Health against GuardDog Telehealth.

Here are eight things to know about the agreement:

1. Under the agreement, GuardDog and any affiliated entities are permanently prohibited from requesting patient records through the TEFCA or Carequality interoperability frameworks and must delete any patient health information obtained through those networks within one week of the court’s entry of judgment, except for records required to preserve documentation for the litigation, according to the filing viewed by Becker’s.
   
   
2. The lawsuit, filed Jan. 13, alleged GuardDog obtained thousands of patient medical records from the plaintiffs by requesting them through the Carequality interoperability framework while asserting the requests were for treatment purposes. The plaintiffs alleged the records were instead used for other business activities.
   
   
3. As part of the stipulated judgment, GuardDog admitted that since it began operating in 2024, its business focused on requesting, reviewing and summarizing medical records and providing them to law firms, rather than offering chronic care management or remote patient monitoring services as originally intended.
   
   
4. GuardDog also acknowledged obtaining medical records through the Carequality framework in 2024 by asserting a treatment purpose for those requests and that some of the records may have belonged to patients treated by providers using Epic or OCHIN systems, including the three health systems involved in the case.
   
   
5. The company further stated its predecessor organization, Critical Care Nurse Consulting LLC, provided similar services to law firms between 2022 and 2024.
   
   
6. According to the filing, GuardDog initially accessed the Carequality framework indirectly through Unit 387 and later obtained direct access through a contractual relationship with Health Gorilla. GuardDog said it believed at the time that its activities were permissible based on conversations with representatives of those entities.
   
   
7. GuardDog neither admitted nor denied the allegations in the complaint as part of the agreement, which the parties described as a compromise to resolve disputed claims. The plaintiffs also agreed not to pursue monetary damages from GuardDog under the settlement.
   
   
8. The judgment resolves all claims against GuardDog but does not affect the plaintiffs’ claims or potential legal action against other defendants named in the lawsuit.
   

The agreement stems from a lawsuit filed Jan. 13 by Epic, OCHIN, Reid Health, Trinity Health and UMass Memorial Health in the U.S. District Court for the Central District of California. The plaintiffs allege Health Gorilla and several affiliated companies improperly accessed patient medical records through national interoperability networks by claiming the data was needed for treatment.

The complaint alleges some records were later used for non-treatment purposes, including services tied to litigation efforts, raising concerns about patient privacy and the integrity of nationwide health data-sharing frameworks.

Health Gorilla, which remains a defendant in the case, said the stipulated judgment involving GuardDog does not affect it.

“GuardDog’s consent judgment has no legal impact on Health Gorilla and is incomplete at best and misleading at worst,” the company said in a statement shared with Becker’s.

Health Gorilla also said the filing does not indicate GuardDog informed the company of any non-treatment use of patient data and said GuardDog failed to cooperate with investigations into the activity.

“Epic’s lawsuit remains an attack on interoperability that threatens patient safety and efficient healthcare nationwide,” the company said, adding that it continues to comply with applicable data-sharing frameworks and will address the claims through the legal process.

https://www.beckershospitalreview.com/healthcare-information-technology/ehrs/epic-health-systems-file-agreement-to-bar-guarddog-from-health-data-networks/