Imagine you’ve confided in your doctor about a sensitive medical issue. You haven’t even disclosed the condition to your family. Then, a week later, you get a call from a lawyer who asks to chat about it.

According to the largest electronic health records system in the country, Epic Systems, scenarios like this may be occurring right now. On Tuesday, the healthcare software giant filed a lawsuit in the Central District of California alleging that “bad actors” have been marauding as medical treatment facilities in order to pull and then misuse at least 295,000 of its patient records. Epic claims those companies were then inappropriately monetizing that patient data—for example, by selling it to lawyers looking for people to join class action lawsuits.

Epic—which was founded by one of the nation’s most successful female entrepreneurs, CEO Judy Faulkner (worth $7.8 billion, per Forbes estimates)—does not yet have proof that allegedly stolen data was ultimately used to build legal cases. But the lawsuit presents evidence to claim that the defendants have been trying. The cofounder of data aggregator and defendant Hoppr has asserted at a law conference that her firm can “request and receive all of your clients’ medical records in less than 48 hours for one low flat fee”; defendant LlamaLab, a medical records manager, advertises “same-day medical records retrieval” to law firms, per the suit (and LinkedIn). As has yet another defendant, Nationwide Healthcare Provider Corp, a system that says it “pulls records straight from providers’ EHRs [electronic health records] and sends them to representative firms,” the suit alleges. The speed at which they’re offering these services is a red flag indicating they’re getting data by falsely claiming treatment purposes, Epic’s complaint claims.

The company allegedly enabling all of these actors is Health Gorilla, a healthcare tech outfit that acts as a gatekeeper through which patient records are exchanged between medical providers. Epic claims that Health Gorilla “knowingly participated in and enabled” the “abuse” of Unit 387 and the other entities, which are its clients.

“Health Gorilla denies the allegations, has acted in good faith, and will vigorously defend [itself],” the firm says in a statement. Defendant Avinash Ravilla, owner of chronic care manager RavillaMed, said that “RavillaMed categorically denies Epic’s allegations”; the other defendants did not reply to requests for comment.

Reid Health, Trinity........

© Forbes