Trinity Health is notifying patients of a potential unauthorized disclosure of health information involving a third-party participant in an electronic data-sharing network.
The Livonia, Mich.-based nonprofit said it learned Jan. 13 from a data exchange partner that patient information may have been improperly accessed through requests submitted by Health Gorilla, a company that facilitates data-sharing requests for other organizations.
According to a March 13 notice, Health Gorilla indicated the data requests were made for treatment purposes. However, the network has been unable to verify those claims or confirm whether the recipient organizations were authorized to access the information.
The information potentially exposed varies by individual but may include demographic details, clinical care information, insurance data and, in some cases, driver’s license numbers.
Trinity Health said the companies involved have been suspended from the data-sharing network while the incident remains under investigation.
The health system is offering affected individuals 12 months of complimentary credit monitoring and identity protection services. Patients are also encouraged to review account statements and credit reports for any suspicious activity. Trinity Health has established a dedicated assistance line for questions related to the incident.
The disclosure comes amid broader scrutiny of Health Gorilla. In January, Epic and several health systems filed a federal lawsuit accusing the company of fraudulently accessing and monetizing sensitive patient data through national health information exchange frameworks. The complaint alleges Health Gorilla improperly obtained tens of thousands of patient records by misrepresenting requests as treatment-related and then rerouted the data to mass tort litigation marketing services.
Health Gorilla has denied the allegations, calling them “yet another example of Epic’s exclusionary actions.”
Separately, Pittsburgh-based UPMC reported March 13 that Health Gorilla had requested patient data under the guise of coordinating care for mutual patients.
In response to the UPMC incident, a Health Gorilla spokesperson told Becker’s the company is “100 percent committed to patient privacy” and said it acted immediately by suspending the connections in question after concerns were raised.
The post Trinity Health notifies patients of potential data exposure tied to Health Gorilla appeared first on Becker's Hospital Review | Healthcare News & Analysis.
Source: Read Original Article
