top of page

Epic, Particle Health, and The Patient Data Dilemma

Epic and particle health dispute

Electronic medical record giant, Epic, has accused interoperability company, Particle Health, of violating HIPAA and putting patient medical records at risk.


In the CareTalk episode "Epic, Particle Health, and The Patient Data Dilemma,"hosts, John Driscoll & David Williams dive into the details of the dispute and explore what it means for

the future of patient data.

Episode Transcript:

David E. Williams:

Electronic medical record, giant Epic has accused interoperability company Particle Health of violating HIPAA and putting patient medical records at risk. The dispute provides an early test of the new federal interoperability framework. So what exactly are they fighting about and what does it mean for patient rights and the future of medical record sharing?

Welcome to Care Talk, America's home for incisive debate about healthcare business and policy. I'm David Williams, president of Health Business Group.

John Driscoll: 

And I'm John Driscoll, a senior advisor at Walgreens. David, why should we care? What's going on here? This feels like a, you know, one of the battles of technology people and healthcare entities that the average patient doesn't know anything about. I mean, who cares?

David E. Williams:

Everybody cares, John. You know, you and I are so interoperable. We want it for everybody else as well. You know, so first of all, who are these companies? So Epic is the biggest electronic medical record provider, especially for hospitals and big health systems and particle health. It sounds like a particle board, you know, cheesy piece of wood that you would, that you would bring in, but they are what they call a data interoperability player.

And they're making it easier for others to access patient data and share it among providers. So that is the two, the two players. Now. What Epic is alleging is that Particle Health was using data about patients inappropriately in a way that violates HIPAA and also care quality rules. Care quality is the interoperability framework they're using.

John Driscoll: 

You know, you're already so buried in like, so arguably Epic, which is a software and data business, invented the electronic health record. They are the dominant player in the academic and large system, medical record space. When you go into a hospital, you're, the, the person who's not looking at you and not paying attention to your, whinnies is probably typing into an epic database to make sure that the information about you is actually in the right place and that they can move you along, take advantage of your history, your medical history, which is often a critical part of your care and there, and that they can bill for you.

So let's start with what is, you know, what are, what are we talking about here? The second thing is I do care about whether people are taking my information and using it inappropriately. I don't want, you know, you, David, with one of your techie clients taking my data and making money off of it. Isn't, isn't that what we're talking about here?

David E. Williams:

Well, John, I think what's happened is that, you know, Epic has been, has this information been requested from them. So they're the ones that are providing it. Cause they have the medical record. As you say, they have a big, a big share there. But the point is they they're supposed to be a separate dispute resolution here. You know, if they think it's not being provided for the right purpose, they're supposed to go through, you know, official channels to challenge that, not just say, Hey, we're cutting you off right now. Because I can tell you. As part of this they cut off some folks that are questionable, but they cut off some folks that are unquestionable as well.

And definitely, we're using the information, for treatment. So that's a that's a concern right there, John. It's not people misusing your information. I want my information available. Like if I go to a specialist, Or I'll go somewhere out of my out of my area. I want them to have that information. I don't want them to take another x ray. I don't want them to draw blood if they don't have to. I don't want them to know about my medical condition before I come in.

John Driscoll:

Don't you enjoy filling out those the same forms repeatedly every time you move an office or a floor? Now, that you're, you're making a really important point, but I think that what's interesting about this is this is happening at a time when the, the full weight of the government's, the federal government's mandate for the interoperability of data is finally hitting and it's running into the same disjointed who owns what argument that was the reason for why the federal government through meaningful use one and two, the cares act, the TEFCA, I don't even exactly know what that represents, but they're all Part of a push that's bipartisan support for standardizing and simplifying the sharing of data with a view that we could substantially reduce the excess costs and unnecessary care to your point, if we could just get the right information to patients and providers at the right time in order to do that, because the information is all over the place in many cases, in although it's slowing down in paper files you need to have one language, if you will, to translate all that information into so that anyone can read right into your file, a basic set of information that will help care and lower costs and lower the friction and administrative costs and hopefully lower, improve your care and, and, and lower costs.

But having said that, it's still this broken market of players, some of whom have the data and some of whom are trying to make money off the data. And that, that strikes me as what. This battles about, I mean, if maybe you could talk about David, who's taking my data and what are they doing with it in that range of people who are interested in true clinical care and those who just appear to be using it to advance a new business.

David E. Williams:

Well, John, TEFCA is a nice sounding thing. It's, it's a trusted exchange framework and common agreement, and it's came out of the 21st Century Care Act signed by Obama back in 2016. It's just being implemented. Now, there's been a lot of thought put into it. Of course, implementation can be a challenge. It's interesting to note that this, what's going on now with care quality is like it, which is the interoperability network right now is a precursor to Tefka. So one of the arguments is actually to say, let's implement Tefka faster right away and actually put some teeth in it. So you can't have somebody like Epic just going and doing, you know, what they, what they see fit.

Now, what's the purpose of it? One is universal interoperability. So you've got common rules and guidelines. Everybody can follow. So you've got a common way to exchange this information, make it simple to connect, improve patient care, John, a more comprehensive view of the medical history of the patient care, coordination, et cetera, patient empowerment, make it easier for the patient to manage their own data. And then for public health. I mean, as we saw in the pandemic, we didn't have access to a lot of information. So that's the goal here. And. That is supposed to be right now. There's only one of these sort of use cases that's allowed right now, which is for treatment. So you're supposed to be able to get data if it's being used for treatment. It's not being, it's not allowed to be used for other things right now that eventually will be allowed to use for including payment. Health, what they call healthcare operations, public health, benefits administration, and individual access services. So the challenge is it just started with the treatment use case and people are trying to use some of these others.

John Driscoll: 

So it's supposed to be treatment, but aren't some of these like health, you know, trying to guys, people trying to develop like insurance, new forms of life insurance companies off of this data. I mean, it's not, I mean, it's It's a pretty broad, I mean, most people think treatments like I'm in the midst of getting in the hospital with a heart attack. I just need to make sure that we can get access to the information about medical history so that nothing goes wrong during that absolutely critical point in care. How does, what, what are all these other companies trying to grab my data? What, what, isn't it a little bit beyond conventional treatment?

David E. Williams:

Yeah. So first of all, the treatment is the vast majority of what's going on and it's really, I've seen it, you know, my medical record being populated and I haven't had to fill out those forms. As often. It's interesting. There seems to be within particle health. There seems to be three different companies, really two, I think, that they're, they're concerned about. One is MD Portals and Revalir, which I think are together. Now, they're rumored to be working for payers and gathering a lot of medical records there, probably, to manage costs as opposed to for treatment. And so that one would be a clear, you know, probably fairly clear violation.

They, probably did wrong there. The other one that's interesting, I, I hadn't heard about, it's called Integritort. With between, you know, integrity and torts, but their job is to round up patients to identify patients for class action lawsuits. Now, that would also seem to be, you know, but I went, that would seem to be out of, you know, out of bounds, but I went to their website and if you look at what they're doing, they definitely put themselves in terms of patient empowerment. They're talking about, you know, finding patients that have not been getting the right treatments.

John Driscoll: 

They've got physicians there and they counsel patients on what treatments they should be getting while they're probably their business model. I don't know, David. That really does not sound that that sounds like they're treating their bank accounts. So I, you know, I think the challenge here is that none of that there are Broad potential applications, but perhaps not narrow enough definitions to actually give us some direction here. And again, Particle Health is one of these health IT organizations, as is Revalier, as are MD Portals. All of this, this long trail, there's an entire industry that's sort of exploded. Venture backed companies that are in some cases, I think, really trying to help stay on mission to lower costs and improve outcomes by taking information and using it to improve the access and precision of the care.

But others are just trying to, I think, Find narrow ways to make money and honestly the same data can be used we can be used effectively for both And I guess the the question that I'd ask you David is do you think that's? legit given the whole premise of HIPAA is to prevent you and your clients or my clients if I was in the industry taking information without my consent or that's not related specifically to my treatment.

David E. Williams: 

I think that the principle of patient empowerment is a good one. And one of the things that I hope we'll be able to do with this episode is give patients a little more of a sense of what's actually out there and what's at stake. So let's go back to your life insurance example. I don't know, you know, exactly what you're talking about, new forms of life insurance, but let's talk about how life insurance works now. So if someone wants to apply for life insurance, there's a fair cost involved because you know, unlike with. medical underwriting where you can't charge somebody a different price for health insurance, you can charge somebody a different price for life insurance depending on their, on their health status.

And they do often do tests. So I've had, you know, I have life insurance and I've had a medic come to my house and, you know, draw blood and do EKGs and do tests and it costs them money certainly increases the cost of life insurance and also is going to reduce accessibility. So in order to have life insurance be available, you've got to be selling a lot of it with a high enough premium to make it worthwhile. That information should already be there for my doctor's office. So as long as I'm okay with it as a patient, I might like my life insurance company to actually have that information as part of my application rather than come draw blood again. You know, so I think it should be focused on, on the patient.

John Driscoll: Okay so, but that would still require specific patient consent. Like I don't care if Revolir, MD portals, ABC tech company wants to use my data. I just want to know that they're in my, in my stuff. I mean I think that's really what this, I mean, the HIPAA, while it's been used to in some ways, increase costs and increase friction and increase all these forms.

But the premise was, which I think is legit, you know I kind of want to know a who's using it and what it's for. I mean, if, and if I don't, if they're making money on me and I'm not taking a, getting a piece of that, I don't think that's fair.

David E. Williams: Yeah. No, it's a good point, John. So I wouldn't want a life insurance company. You know, harvesting data without my consent to be prospecting me for life insurance, although maybe I do, but let's say for sure, but for sure, what I, but John, for sure, what I want. is if I'm applying for life insurance, I want to be able to check the box and allow care quality, particle health, whoever's working for the insurance company to pull that record seamlessly. I do want that. Now, let me go back to what I was saying. Maybe I actually do want life insurance companies going through and saying, Hey, You know, we might be able to offer you a better deal. And as long as I've allowed that, you know, sort of opted into marketing, maybe I want that. Maybe I want to upgrade my podcast co-host at the same time.

John Driscoll: 

I think what's interesting here is. We are in this funny balance, in technology. And we've really allowed, unlike in Europe, the technology companies to define the rules in which they compete in storage, in social media, because of article 230, and we've prevented them from liability for all the horrible things that are, that are the result of inappropriate use of social media. We have allowed different software and hardware companies to really battle it out without too much concern about either anything from antitrust to social impact. In the case of technology-assisted healthcare, we really have a massive problem where we are so much more expensive than every other country in the world. And there is a plausible case to be made that if we could Just get information sharing and we could probably take a couple of hundred basis points, a couple, two, one or 2 percent off of total medical costs just by reducing the back and forth of data, just by reducing the administrative costs, just by reducing the army of health plan, health care billers who are, you know, You've got hospital people billing one set of things and, and, and an army on one side and an army of people on the managed care side denying them and the opportunities for AI and all that is, or are there, but because you don't have information in the standard format, to your point, you can't get it and they can't compute off of it.

But I do worry that without more clear direction, for example, in this particular case, what are some of the startups that may have violated the rules or violated the intent of the rules is that the definition of data related to treatment was not clear. And so they're trying to expand it and they've obviously got self interest in doing it. And Epic is trying, I think in a genuine way, to interpret its role as the protector of the data. And yeah, they're the judge jury, and executioner, but it's not like the federal government has a role here. And I think it really begs the question as to whether there should be, even though it's might be somewhat painful to have HHS or CMS or the, or the you know, the, the national coordinator for healthcare technology. John Chet, who works at the Center for Medicare and Medicaid Services, plays a role in laying out ground rules so that the startups and the incumbents, the startups like Particle, the incumbents like Epic, Cerner, and Oracle, kind of know what the rules are. Because without that, I do think you're going to have this kind of conflict going on. And, honestly, this kind of conflict will reduce the opportunity you have for your perverse desire to create novel forms of life insurance based on your data.

David E. Williams:

John, I don't think you'd know about my perverse desires unless you were into my medical record, but nonetheless let's make a, let's make an argument here for startups and for big companies like Epic. So I think here, I doubt Epic actually wanted to be the judge, jury, and execution. Of course not. I'm just going to speculate that what happened is that care quality, which has sort of an established somewhat established approach.

John Driscoll: 

Just stepping back just so folks understand care quality is a thing It's not care quality because you care about quality and care quality is not as an adjective. It is an entity like, you know, there's a few entities out here that are Industry nonprofits help that are that are that are that are helping set these evolving regulatory standards.

David E. Williams: 

So my speculation here, and it's no more than that, is that Epic probably tried to go through the regular channels and to complain to care quality about a misuse, but they probably didn't get very rapid. You know, they got more kind of a bureaucratic timeframe. And that therefore they probably just said, Hey, I can't just keep sending medical records to a place that I'm pretty sure you know, isn't for treatment purposes. Because Epic actually knows who's treating patients based on, you know, when they're collecting the medical records.

So, I don't blame Epic necessarily. Now, when you say about, let's say on shit, you know, ONC and Mickey Tripathi, who we think very highly of who runs that organization. You know, I would encourage him to like, you know, let's, let's implement TEFCA faster because this isn't actually literally under TEFCA. In fact if there were TEFCA, then you could actually have a more serious mechanism. Now the federal government might be slow, but they're authoritative. And they are going to, you know, not just let things just sort of, you know, sit out there. So I actually think this is an argument perhaps to accelerate the movement into TEFCA and then I would love to see an acceleration into these other use cases as well, including payments, healthcare operations, and so on, where I understand there's a balance. You don't want to give it too fat because you have to test it out so you don't have some unknown issue. But on the other hand, let's go before the 21st century is done.

John Driscoll: 

You're sort of sending two different messages, David, but I think unlike many of your inconsistent, you know, theories about the future, this one actually makes a lot of sense, which is we have to actually want an authority to help adjudicate these particular disputes. Why not, why not move to a standard, a set of those standards faster? And you actually, to your point, the on chip, you know, Mickey Tripathi is in a, is in a position to help establish industry rules. And he is good. Actually, honestly, all of the Republicans and Democrats who held that particular seat, which is the National Coordinator for Health Information Technology, have, have, have, it's not, you know, it's not, it's one place where partisan performative nonsense has really not held. It's really people who have all genuinely worked together in a bipartisan way to accelerate a move to a more standard data infrastructure. And I think that, you know, the, the opportunity there is, is great, but we do have to. Create a centralized dispute resolution, or I think, you know, we're going to slow down the path to interoperability because we haven't been clear about what the rules are.

David E. Williams:

Well, this will hopefully just be a, you know, just a quick little episode that highlights the need to get things done, right. And it will lead to some good improvements, acceleration of TEFCA. John, I want to leave with a question to you which is what advice would you give healthcare providers and tech companies that To navigate the health data exchange landscape.

John Driscoll: 

For the provider side, I think they don't really understand enough, and I would really up their understanding of where the industry, where, where the technology wants to go and what the tech companies agendas are, because I think then they can play in more effectively to make sure that what we're really focused on is better clinical care, and they can understand how their own data is being used. And for the tech companies, I guess I would ask for a little bit more modesty. And a little bit more engagement with the regulatory authorities because they run the risk, particularly the venture-backed companies, the early entrance in the interest of kind of pushing the edge of the envelope on what they can deliver really breaking the trust they currently have with. The rest of the healthcare system shares that data. Because if that gets broken, and I think that really is the part of this that makes what, what is a dispute between companies around an esoteric issue really important. We, we have this path towards interoperability, which can reduce costs, improve outcomes, and to your point, really give patients control over their information.

That's an awesome three-part aim, but it all is based on the notion that we are going to trust one another tech company patient. And provider and we all have the best interest of the patient and the system in mind that has been an assumption. If that trust is broken, I really worry that we'll end up in, the classic, you know, slow-down court decision, regulatory overreach companies fighting and not sharing information that that will reflect. The current disjointed system, which has given us a healthcare system that frankly delivers too little for too much, even though it's a, in, in, in, in innovation, it's the wonder of the world. So I, I, I do think that's my, that's my big concern and why these disputes need to be taken seriously.

David E. Williams:

Good. Well, John, I agree with you and I'll say that's it for yet another episode of care talk.

We've been talking today about. interoperability, which gives us a chance to talk about not only acronym like HIPAA, but also to throw out things like TEFCA, ONCHIT, and INTEGRA, which is not an acronym. I'm David Williams, President of Health Business Group.

John Driscoll: And I'm John Driscoll, Senior Advisor at Walgreens. If you liked what you heard, what you didn't, we'd love you to subscribe on your favorite service, and please leave us a review.

Watch the full episode on YouTube:



CareTalk is the only healthcare podcast that tells it like it is. Join hosts John Driscoll (Senior Advisor, Walgreens Health) and David Williams (President, Health Business Group) as they provide an incisive, no B.S. view of the US healthcare industry.



bottom of page