{"id":24814,"date":"2024-04-14T06:00:10","date_gmt":"2024-04-14T06:00:10","guid":{"rendered":"http:\/\/107400534"},"modified":"2024-04-14T06:00:10","modified_gmt":"2024-04-14T06:00:10","slug":"health-records-giant-epic-cracks-down-on-startup-for-unauthorized-sharing-of-patient-data","status":"publish","type":"post","link":"https:\/\/wp.worldtechguide.net\/health-records-giant-epic-cracks-down-on-startup-for-unauthorized-sharing-of-patient-data\/","title":{"rendered":"Health records giant Epic cracks down on startup for unauthorized sharing of patient data"},"content":{"rendered":"


The eponymous sign outside Epic headquarters in Verona, Wisconsin.

Source: Yiem via Wikipedia CC


Epic Systems, the largest provider of software for managing medical records, says a venture-backed startup called Particle Health is using patient data in unauthorized and unethical ways that have nothing to do with treatment.

Epic told customers in a notice on Thursday that it cut off its connection to Particle, hindering the company’s ability to tap a system with more than 300 million patient records. Particle is one of several companies that act as a sort of middleman between Epic and the organizations \u2014 typically hospitals and clinics \u2014 that need the data.

Patient data is inherently sensitive and valuable, and it’s protected by the Health Insurance Portability and Accountability Act, or HIPAA, a federal law that requires a patient’s consent or knowledge for third-party access. One way Epic’s electronic health records (EHR) are accessed is through an interoperability network called Carequality, which facilitates the exchange of more than 400,000 documents a month, according to its website. Particle is a member of the Carequality network.

To join the network, organizations are vetted and have to agree to abide by clear “Permitted Purposes” for the exchange of patient data. Epic responds to requests for data that fall under the “Treatment” permitted purpose, which means the recipient is providing care to the person whose records they are requesting.

Epic said in its notice on Thursday that it filed a formal dispute with Carequality on March 21, over concerns that Particle and its participant organizations “might be inaccurately representing the purpose associated with their record retrievals.” The company suspended its connection with Particle that day.

“This poses potential security and privacy risks, including the potential for HIPAA Privacy Rule violations,” Epic said in the notice, which was obtained by CNBC.

In a blog post late Friday, Carequality said it takes disputes “very seriously and is committed to maintaining the integrity of the dispute resolution process as well as trusted exchange within the framework.” The organization said it can’t comment about the existence of any disputes or member activities.

Representatives from Epic and Particle didn’t respond to requests for comment. However, Particle published a blog post Friday evening and said it began “addressing this issue immediately” after Epic “stopped responding to data requests from a subset of customers” on March 21. Particle said in the post that a big challenge in such matters is that there is “no standard reference to assess the definition of Treatment.”

“These definitions have become more difficult to delineate as care becomes more complicated with providers, payers, and payviders all merging in various large healthcare conglomerates,” Particle wrote.

Epic, a 45-year-old privately held company based in Wisconsin, is the largest EHR vendor by hospital market share in the U.S., with 36% of the market, according to a May report from KLAS Research. Oracle