admin
Americans who trust their doctors with the most intimate details of their lives are waking up to a nightmare: a federal complaint filed by Epic and several health systems in mid-January alleges organized syndicates have been quietly siphoning off patient charts and treating them like commodities. The suit, filed January 13, 2026, accuses a web of companies of exploiting national health information networks to access medical records without patients’ informed consent and then monetizing that data.
At the center of the lawsuit is Health Gorilla, a company that acts as a gatekeeper for record exchanges, and dozens of outfits like RavillaMed, LlamaLab and others that Epic says posed as health providers to gain entry to Carequality and other interoperability frameworks. Plaintiffs claim nearly 300,000 patient records were improperly pulled, stripped for identifying details, and rerouted to services marketing to law firms seeking recruits for mass tort and class-action litigation.
If true, this is more than a tech failure; it’s a moral one. The complaint paints a disturbing picture of actors inserting junk entries into charts to create the illusion of treatment, hiding behind shell websites and sham provider numbers while lawyers and marketers comb through private health histories to find plaintiffs. No hardworking American signs up to have their medical fights auctioned off to the highest bidder — and regulators shouldn’t tolerate it.
Let’s be blunt: the people responsible for protecting health privacy have been asleep at the wheel, and the result is predictable. This is a job for law enforcement and Congress, not finger-pointing PR statements; we need criminal referrals, meaningful fines, and swift injunctions to stop any further siphoning of health records. The long shadow of weak oversight and cozy tech relationships has left a hole that bad actors are exploiting — and that hole must be closed now.
Don’t let anyone pretend Epic’s move is purely self-interested; the company certainly has its own legal fights, including antitrust scrutiny and separate state lawsuits that critics use to question its motives. But whether you distrust Epic or worry about monopolies, the underlying issue is simple: patient privacy is nonnegotiable, and both private gatekeepers and public regulators share blame if records are being trafficked. Healthy skepticism of big tech should not become an excuse to let data predators run wild.
Policymakers must act where bureaucrats have failed. Congress should tighten standards for who can join national exchange networks like Carequality and TEFCA, require real-time audits, and mandate transparency when records are accessed and for what purpose. If the federal government is serious about defending individual liberty and privacy, it will move faster than it has toward criminal penalties for deceptive front organizations that impersonate care providers to scrape sensitive files.
This is about the sanctity of the doctor-patient bond and the dignity of ordinary Americans who expect their most private information to stay private. Voters should demand accountability from health networks, data brokers, and the regulators who allowed this to fester — and they should remember which officials and institutions stood up to defend privacy and which ones offered excuses. The next step is obvious: shut down the data mills, prosecute the profiteers, and restore trust to the system that keeps our families safe.
