Epic Systems, the largest provider of software for managing medical records, has taken action against Particle Health, a venture-backed startup, for using patient data in unauthorized ways outside the scope of treatment. The termination of the connection between Epic and Particle has impacted Particle’s access to a system containing over 300 million patient records. Particle, as a intermediary entity, facilitates data exchange between Epic and various healthcare organizations.
Patient data is protected under the Health Insurance Portability and Accountability Act (HIPAA), ensuring that third-party access requires patient consent or knowledge. Epic’s electronic health records (EHR) are accessed through a network known as Carequality, enabling the exchange of a substantial volume of medical documents each month. Particle, a member of the Carequality network, has recently come under scrutiny for potential misrepresentation of the permitted purposes for accessing patient data.
Epic filed a dispute with Carequality on March 21, citing concerns regarding how Particle and its participant organizations may have inaccurately defined the purpose associated with their data retrievals. This led to the suspension of the connection between Epic and Particle. The dispute highlights potential security and privacy risks, including the risk of HIPAA Privacy Rule violations.
Despite requests for comment from Epic and Particle, representatives have remained silent on the matter. Particle, however, released a blog post addressing the issue and acknowledging the complexity of defining treatment in the evolving landscape of healthcare conglomerates.
As the largest EHR vendor in the U.S., Epic’s decision to sever ties with Particle has significant implications for the healthcare data ecosystem. The move underscores the importance of upholding data privacy and security standards in the exchange of sensitive patient information.
‘Non-treatment use case’
Epic expressed concerns over certain participant organizations connected to Particle engaging in non-treatment related data usage. Red flags such as abnormal patterns in record exchanges and lack of data return from patients raised suspicions. These anomalies prompted Epic and its Care Everywhere Governing Council to evaluate Particle’s participant connections more closely.
The unfolding dispute sheds light on the ethical considerations surrounding data sharing in the healthcare industry. The dispute resolution process initiated by Epic through Carequality showcases a commitment to maintaining the integrity of data exchange protocols.
Particle founder Troy Bannister’s response on LinkedIn questioned Epic’s unilateral actions and emphasized the importance of trust-based exchanges in healthcare data sharing. The ongoing formal dispute process will likely shape future practices in data sharing and interoperability within the healthcare sector.
Overall, the dispute between Epic Systems and Particle Health underscores the complexities of data privacy and consent in the healthcare industry. As technology continues to drive innovation in patient care, maintaining stringent protocols for data access and usage is paramount to ensure patient trust and confidentiality.
