Epic Systems, the largest provider of software for managing medical records, says a venture-backed startup called Particle Health is using patient data in unauthorized and unethical ways that have nothing to do with treatment.
Epic told customers in a notice on Thursday that it cut off its connection to Particle, hindering the company’s ability to tap a system with more than 300 million patient records. Particle is one of several companies that acts as a sort of middleman between Epic and the organizations — typically hospitals and clinics — that need the data.
Patient data is inherently sensitive and valuable, and it’s protected by the Health Insurance Portability and Accountability Act, or HIPAA, a federal law that requires a patient’s consent or knowledge for third-party access. One way Epic’s electronic health records (EHR) are accessed is through an interoperability network called Carequality, which facilitates the exchange of more than 400,000 …