A company called CureIS has come out of the gates swinging at Epic Systems, the market leader in electronic medical record systems, in a federal complaint filed in the Northern District of California. Like in PointClickCare v. Real Time Benefits, the attorneys are taking the standards set out in the 21st Century Cures Act and using them as evidence of a violation of a state law – or here- also torts.
In PointClickCare, the court was focused on how the federal prohibition against information blocking could amount to a violation of Maryland’s unfair competition law. In analyzing that case, I mentioned that “[s]o long as a vendor can find a suitable state law or tort to attach to, those vendors sue for damages and – as this case demonstrates, even a restraining order to force data access prior to the resolution of the case. A separate case federal case in the Northern District of California, Intus Care Inc. v. RTZ Assocs., Inc, is founded on a similar California tort of “intentional interference with prospective economic advantage under California law.” Here, the attorneys are using that prohibition to also build cases for tortious interference with contractual relations. And they are suing in . . . the Norther District of California.
Also, in PointClickCare, the allegation came down to an unreasonable CAPTCHA security system that no human could reasonably be expected to solve. Here, security is a part of it. The plaintiff is alleging that Epic trash talked their security system and that was a basis for denying them data access; when according to the plaintiffs, they denied them data access because the plaintiff was a competitor. If true, the denial of data access would not find shelter under security exception to information blocking. It’s also part of the plaintiff’s trade libel claims, as well.
However, with respect to information blocking, this specific complaint goes further and alleges that Epic’s purported denial of access to electronic health information interfered with existing contracts, and new prospects. So, if true, they lost customers and sales. Here is one of the quotes from the complaint:
Among other things, Epic has targeted CureIS specifically by coercing mutual customers to terminate their relationships with CureIS, denying CureIS’s customers access to their own data for the purpose of harming CureIS, degrading the quality of CureIS products to stifle competition, misappropriating CureIS’s proprietary information and trade secrets, falsely disparaging CureIS to CureIS’s current and prospective customers, and engaging in widespread false advertising. CureIS is capable and happy to compete on a level playing field, because it offers superior products and service. But Epic has chosen to compete unfairly using illegal tactics, to the detriment of CureIS and patients nationwide.
And there is this, which if true, would violate the 21st Century Cures Act’s prohibition by treating competitors differently from non-competitive actors:
“Epic recently imposed an “Epicfirst Policy,” whereby any entity utilizing Epic’s EHR or RCM software must use Epic’s versions of other products too, if it has a version of the product in question. Epic exacerbates this problem for competitors like CureIS because Epic also has a practice of misrepresenting to customers that it either has plans to roll out a version of a competitor’s product soon, or that Epic has a current product that replicates the functionality of a competitor’s product, even though Epic’s products are typically of much lower quality. Both of these tactics prevent Epic’s EHR and RCM customers from utilizing third parties’ products, regardless of their preference.”
We then get into delays of access of EHI. Now, before I go further, I want to pause and go through Cures and timelines for data responses. If you are a covered actor, an unreasonable delay in responding to and fulfilling a request for EHI is information blocking. There is no hard and fast timeline, except for those who develop FHI APIs, in which case they have timelines (measured in days) set out by the certification program to register a solution against the API. Epic certainly develops FHIR APIs and certifies to them. Those APIs are used to exchange certain data standards live-time. With that context in mind, the plaintiff’s have also stated that:
“Epic delayed access to CureIS for several months before finally providing access at the urging of leadership. However, Epic limited CureIS’s access to data in Epic’s Clarity product. Unlike Epic’s main datastore, Epic Chronicles, the data in Clarity is not live. Instead, the data in Clarity can be on a delay anywhere from one day to over a week and provides a more limited subset of data inputs and outputs. CureIS products require timely data to deliver necessary services and value to customers.“
An astute reader will note they are talking about more than one Epic product, and the astute lawyer or regulatory head will know that once you certify a single piece of technology in your company, the prohibition against information blocking can extend to rest of your entire technology stack – certified or not. I can’t say where this case goes, but given we are in the Northern District of California where Intus was very recently decided (and which the Fourth Circuit relied upon in PointClickCare), I expect that the information blocking parts of the complaint will survive the (sure-to-come) motion to dismiss. This case is further evidence that if you are an EMR vendor, healthcare provider, or other covered actor, and are relying on cuts at OIG or a lack of federal enforcement to forestall 21st Century Cures compliance, your reliance is likely misplaced.
Image by https://unsplash.com/@1walter2
eHealth Law Blog 