Photo: PixaBay/Pexels
More than 40 healthcare organizations are urging the U.S. Department Health and Human Services to implement stricter onboarding and transparency requirements for the Trusted Exchange Framework and Common Agreement and Carequality to prevent the fraudulent exchange of protected medical information.
Demand for transparency
This past week, these healthcare organizations and providers sent a letter to Mariann Yeager, CEO of the Sequoia Project, the recognized coordinating entity for TEFCA, and to Steve Posnack, principal deputy at HHS' Assistant Secretary for Technology Policy.
They ask for new requirements around vetting, onboarding and ongoing monitoring for TEFCA and Carequality participants, including asking businesses to attest to business and exchange purposes and several transparency measures for health information exchange under the framework.
"As providers whose patients benefit from interoperability, we strongly support nationwide health data exchange frameworks," they said. But new rules are necessary, they added, "to improve trust in these frameworks so that the progress we’ve made as an industry toward nationwide interoperability continues.
"There is a clear pattern of bad actors improperly obtaining patients’ medical information," the health systems claimed. "To protect patients’ privacy, there is an urgent need for the frameworks to implement centralized vetting, onboarding, and monitoring controls. Details on exchange activity must be made publicly available, and when potential privacy issues are identified they must receive timely, effective, and transparent resolutions."
UMass Memorial Health was one of the signatories of that letter. The health system is also named as a plaintiff in an Epic-led lawsuit, filed earlier this month, alleging improper access and monetization of 300,000 patient medical records under TEFCA.
We asked UMass Memorial about the steps outlined in the letter to Sequoia Project and ASTP/ONC, and about its experiences with non-treatment-related access to its patient data.
"UMass Memorial Health has joined Epic and other healthcare providers in a federal lawsuit to prevent improper access, misuse and monetization of confidential patient medical records by fraudulent companies," a spokesperson for the health system said by email on Monday.
"The lawsuit aims to protect patient data in electronic health records and enable the continuation of safe interoperability, which facilitates the secure exchange of patient data among hundreds of thousands of healthcare providers to inform clinical treatment leading to improved health outcomes."
Health Gorilla responds to Epic suit
That lawsuit, which filed against clinical data platform Health Gorilla, alleges that the company enabled at least two data companies to access and monetize patient health data through the TEFCA-aligned Carequality network.
Health Gorilla responded this week, releasing a statement on Tuesday that said the Epic complaint is replete with "unfounded and wholly misleading allegations" and pledging to defend itself in court, according to Bob Watson, the company's CEO.
For its defense, the company has hired Quinn Emanuel Urquhart & Sullivan, LLP, the same law firm that's representing both Particle Health and CureIS, who are each plaintiffs in separate Epic cases.
Watson also said that the company is investigating the connections in question, and they remain suspended from data exchange.
"Epic's complaint presents about Health Gorilla's role in connecting healthcare providers with needed data about patients," he said. "Health Gorilla has long operated in strict conformance with all applicable laws, governance requirements and industry norms."
Watson added that the Epic suit "not only fails to provide all the facts, but reflects an irresponsible use of litigation as a weapon rather than to advance serious claims. Meanwhile, when it comes to interoperability, Epic has done the equivalent of shouting 'fire' in the middle of a crowded theater.
"As the industry transitions into a TEFCA-enabled ecosystem, fair participation, without exclusionary barriers imposed by dominant incumbents that wish to monetize clinical data exchanges for their own benefit, is central to innovation and patient access," Watson added.
"Interoperability only works when those who participate in it do so in good faith," he said. "Health Gorilla has. It is time for Epic to do the same."
Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.
