Health Gorilla has filed a motion seeking dismissal of a federal lawsuit brought by Epic and several health systems, arguing that the case threatens the stability of national interoperability frameworks used to exchange patient data.
In a Feb. 26 press release, Health Gorilla characterized the lawsuit as an “attack on interoperability,” stating that escalating the dispute to federal court could undermine patient safety and disrupt efficient healthcare data exchange nationwide. The company contends the matter is a governance disagreement that should have been addressed through established contractual dispute resolution mechanisms rather than litigation.
The lawsuit, filed Jan. 13 in the U.S. District Court for the Central District of California, was brought by Epic Systems, OCHIN, Reid Health, Trinity Health, and UMass Memorial Health. The plaintiffs allege that Health Gorilla and other defendants improperly accessed and monetized patient medical records through national data-sharing frameworks.
According to the complaint, tens of thousands of patient records were allegedly obtained under the premise of treatment purposes and later redirected to mass tort litigation marketing services. Plaintiffs argue this conduct threatens patient privacy and erodes trust in nationwide interoperability systems.
The lawsuit centers on two major interoperability frameworks: Carequality and the Trusted Exchange Framework and Common Agreement (TEFCA). These frameworks are designed to facilitate secure data exchange among providers for legitimate treatment purposes. The complaint alleges certain entities misrepresented themselves as medical providers to access patient data for non-treatment uses without consent.
Health Gorilla, which serves as a designated Qualified Health Information Network under TEFCA, is named as a primary defendant. Additional defendants include RavillaMed and entities affiliated with Mammoth Health and Unit 387. Plaintiffs are seeking injunctive relief to prevent further access to national interoperability systems.
In its motion to dismiss, Health Gorilla argues the plaintiffs bypassed required contractual governance processes that allow interoperability networks to self-regulate and resolve disputes internally. The company also stated that portions of the lawsuit rely on information it voluntarily shared during a months-long investigation involving Carequality, TEFCA’s network administrator, and several large health providers — none of whom are plaintiffs in the current case.
“Carequality and TEFCA protect patients by ensuring clinicians have the information they need at the point of care,” said Bob Watson, CEO of Health Gorilla, in the press release. “Bypassing them risks destabilizing systems that hundreds of millions of patients and providers depend on.”
In response, an Epic spokesperson told Becker’s that Health Gorilla’s assertion of a “lack of actual knowledge” of alleged wrongdoing is insufficient. The spokesperson emphasized that safeguarding sensitive patient data is a core responsibility and called for a full investigation in federal court rather than private resolution.
Health Gorilla stated that its priority remains maintaining secure treatment access while protecting patient privacy and preserving the integrity of the national interoperability ecosystem.
Source: Becker’s Hospital Review Naomi Diaz, Health Gorilla files motion to dismiss lawsuit filed by Epic health systems (Feb. 26, 2026).
Leave a Reply