In late September, Particle Health, a patient data aggregation and delivery platform that provides both data and insights to healthcare companies, filed a lawsuit against Epic Systems, a large provider of health information technology.
In its lawsuit, Particle alleges that Epic has attempted to steer customers away from Particle’s software platform toward Epic’s health information technology system. Particle alleges such action is part of Epic’s attempt to stifle competition in the payer platform market, of which Epic and Particle are both part. Details of the antitrust lawsuit brought by Epic in federal district court are provided below.
What is Health Information Technology?
According to the Office of the National Coordinator for Health Information Technology (ONC), health information technology (health IT) refers to the electronic systems that healthcare professionals and patients use to store, share, and analyze health information.
Health information technology includes:
- Electronic health records (EHRs): Under certain circumstances, a doctor may share EHRs with a specialist, allowing for patient care coordination.
- Personal health records: Patients control the kind of information that goes into PHRs. Patients can use EHRs to keep track of doctor visit information, as well as non-visit information patients choose to track, such as calorie intake and exercise data.
- Electronic prescribing (E-prescribing): E-prescribing allows doctors to communicate directly with pharmacies without the need for a paper prescription.
Epic Systems, Particle Health alleges, is a health information technology giant that provides medical records to providers and insurers. According to Particle Health’s complaint, nearly every large healthcare provider in the nation uses Epic’s EHR platform and software, and over three-quarters of the U.S. population have electronic health records within an Epic database.
Particle Health, legally positioning itself as the David to the Goliath that its lawsuit paints Epic to be, describes itself as providing two key services: A record retrieval service, which allows users to interface with EHR companies like Epic to smoothly request medical records at scale, and an analytics service, which allows users to efficiently store and monitor trends in the medical records they request.
Health Information Technology Provider Particle Health Files EPIC Lawsuit-The Allegations
In its lawsuit against Epic Systems, health information technology provider Particle Health alleges that Epic is stifling competition in, and entry into, the “payer platform market” in which both parties compete. This market is populated by health insurers, who seek to review and store medical records, using health information technology, at large scale. Particle alleges that Epic has tried coercing Particle’s customers to stop doing business with Particle, and that Epic has also unlawfully thwarted Particle’s attempts to bring on new clients.
Specifically, Particle Health alleges that Epic limited Particle’s access to patient records within a nationwide health information exchange framework for half a year to lock Particle out of further advancement into the payer platform market. The health information exchange framework in question is Carequality. Like other health information exchange frameworks, Carequality allows member organizations to securely share data with each other.
Particle alleges that Epic has attempted to besmirch Particle’s reputation in the eyes of Carequality, by Epic’s raising concerns (which Particle claims are unfounded) that Particle has misrepresented the reasons for Particle’s record retrievals. Particle also alleges that Epic’s monopolistic and bullying actions extend to Epic’s having made false complaints about Particle and to Epic’s having flooded Particle’s support team with “unfounded security concerns.” Particle seeks to enjoin these actions, and also seeks financial damages.
Suffice it to say, Epic takes umbrage at the allegations. Epic’s response accuses Particle of misdirections. “This lawsuit attempts to divert attention from the real issue: Particle’s unlawful actions on the Carequality health information exchange network violated HIPAA privacy regulations,” an Epic spokesperson told Becker’s Healthcare. “Epic’s software is open and interoperable, allowing healthcare organizations to easily share data under HIPAA and all relevant regulations. Epic will continue to protect patient privacy and vigorously defend itself against Particle’s meritless claims,” the spokesperson notes.
Potential Antitrust Violations and an EPIC Lawsuit: The 21st Century Cures Act
In its complaint, Particle cites Epic’s actions with respect to the 21st Century Cures Act as evidence of Epic’s (allegedly unlawful) anticompetitive intent. Congress passed the 21st Century Cures Act in December of 2016. The Cures Act contains multiple provisions designed to lower healthcare costs. Among the Cures Act requirements is an “interoperability” requirement.
“Interoperability” is the ability of computer systems or software to exchange and make use of information. The Cures Act aimed to ensure interoperability by prohibiting the practice of “information blocking,” which, as defined by the regulations implementing the Cures Act, is a practice that “is likely to interfere with, prevent, or materially discourage access, exchange, or use of electronic health information.”
Particle alleges that Epic fought to within an inch of its life to oppose the interoperability requirement. In support of this allegation, Particle notes that Epic CEO Judy Faulkner, during the runup to the Cures Act’s passage, “even pressured Epic’s largest clients to go on record in opposition to the goal of increasing interoperability,” stating: “HHS needs to hear from you so they understand that you are [sic] feel these issues are important. Very little time is left.”
Particle then alleges that subsequently, Epic “assured its clients that wide access to EHR would be available for exchange between healthcare systems” – but only after Epic became the sole provider of IT services for all healthcare systems.
How Can the Guard Help with Compliance?
Under the information blocking technology rules, activity that would otherwise be considered “information blocking” does not run afoul of the Cures Act if HIPAA permits or requires that the information not be shared.
Knowledge of what information HIPAA allows the use and disclosure of is key to ensuring Cures Act compliance. Compliancy Group’s software, The Guard, can be used by HIPAA-covered entities who must ensure that they both disclose what the law requires them to, and that they do not disclose that which may not be disclosed.
The Guard contains a number of tools, including QuickStart guides, template policies, self-audits, training, and vendor and incident management, that HIPAA-covered entities, both small and large, can use to monitor their compliance with the HIPAA Privacy, Security, and Breach Notification Rules. These are the rules of disclosure engagement – these rules set forth when protected health information (PHI) may be disclosed, and when it may not be.