Photo: Kawee Srital-on/Getty Images
This story has been updated on Feb. 27, 2026, with information about additional motions filed with the court.
Health Gorilla said it has filed a motion to dismiss an Epic Systems-led lawsuit in the U.S. District Court for the Central District of California and called the action an attack on interoperability that threatens patient safety and healthcare nationwide.
While Epic, a vendor of electronic health records, alleges that Health Gorilla facilitated the fraudulent monetization of patient records, the clinical data exchange company contends the dispute should have been handled through established network governance, rather than in federal court.
Joined by OCHIN, Reid Health, Trinity Health and UMass Memorial Health, Epic said that it filed the lawsuit to defend patient privacy and protect sensitive medical information from being monetized for non-treatment-related purposes.
The plaintiffs allege that Health Gorilla committed fraud, aided and abetted fraud, and violated the California Business and Professions Code and the Federal Computer Fraud and Abuse Act by enabling at least two of its customers to improperly access and monetize sensitive patient health data through the Carequality network under the federal Trusted Exchange Framework and Common Agreement (TEFCA).
"These efforts are the latest in Epic's strategy to undermine nationwide healthcare interoperability. At issue are Carequality and TEFCA, frameworks healthcare providers use to exchange billions of patient records," countered Health Gorilla, which is a qualified health information network under TEFCA, in the motion.
"Epic has even attempted to use its dominant position in EHR-exchange markets to control information shared on the networks and exclude smaller participants for Epic’s benefit," Health Gorilla said. "This lawsuit is part of that strategy."
Two years ago, Particle Health filed an antitrust lawsuit against Epic in the Southern District of New York, accusing the EHR giant of unfair business practices that excluded its customers from exchanging data on the Carequality network. The judge partially denied Epic's motion to dismiss in September, and that case, with the EHR giant as a defendant, continues.
In its motion to dismiss the lawsuit it faces, Health Gorilla argued that Epic and fellow plaintiffs bypassed mandatory contractual dispute resolution procedures and sought to escalate what is fundamentally a healthcare governance dispute into a federal action and defamation.
"With smear campaigns advanced in public and private, Epic has brazenly sought to deter both its competitors and customers from embracing innovation in interoperability and supporting a more efficient, safer healthcare system," Health Gorilla said in the motion.
Overall, the lawsuit calls into question the networks' abilities to self-police, Health Gorilla said in the motion.
Health Gorilla said it willingly cooperated in investigations raised by Epic concerning certain network participants through a long, exhaustive and voluntary process involving Carequality, the TEFCA network administrator and several of the nation's largest health providers.
"Carequality and TEFCA protect patients by ensuring clinicians have the information they need at the point of care," said Bob Watson, Health Gorilla's CEO, in a statement on Thursday. "Bypassing them risks destabilizing systems that hundreds of millions of patients and providers depend on."
"Medical records are deeply personal, and exploiting them is wrong," an Epic spokesperson told Healthcare IT News on Thursday. "In their motion, Health Gorilla asserts that they should be dismissed as a defendant in the lawsuit because they had 'lack of actual knowledge' of wrongdoing."
Health Gorilla argued that Epic's claims that it aided and abetted fraudulent claims failed.
"The complaint does not sufficiently allege Health Gorilla actually knew [its named customer defendants] were submitting fraudulent treatment-purpose queries," the company said in the motion.
"Instead, it relies on 'red flags' and allegations that Health Gorilla 'should have' discovered the fraud, and circular reasoning that an alleged failure to vet constitutes knowledge," it added. "These allegations describe, at most, that Health Gorilla should have been more suspicious or should have investigated more thoroughly."
"That is not an acceptable reason – Health Gorilla had a responsibility to safeguard sensitive patient data and know why it was being taken," an Epic spokesperson said in an email response. "The public deserves a complete investigation and transparent resolution in federal court. It should not be done behind closed doors."
LlamabLa and its founder, Shere Saidon, also filed motions with the court to dismiss the case against it.
The company said that it is not a member of the Carequality or TEFCA networks, and Epic dragged it into the case. LlamaLab also said that it warned the court against Epic’s attempt to manufacture guilt.
"Epic essentially concedes it is attempting to avoid dispute resolution procedures it cannot control and sidestep independent boards it does not respect," Saidon said in a statement.
Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.
