Health records giant Epic cracks down on startup for unauthorized sharing of patient data
The eponymous sign outside Epic headquarters in Verona, Wisconsin.
Source: Yiem via Wikipedia CC
Epic Systems, the largest provider of software for managing medical records, says a venture-backed startup called Particle Health is using patient data in unauthorized and unethical ways that have nothing to do with treatment.
Epic told customers in a notice on Thursday that it cut off its connection to Particle, hindering the company’s ability to tap a system with more than 300 million patient records. Particle is one of several companies that acts as a sort of middleman between Epic and the organizations — typically hospitals and clinics — that need the data.
Patient data is inherently sensitive and valuable, and it’s protected by the Health Insurance Portability and Accountability Act, or HIPAA, a federal law that requires a patient’s consent or knowledge for third-party access. One way Epic’s electronic health records (EHR) are accessed is through an interoperability network called Carequality, which facilitates the exchange of more than 400,000 documents a month, according to its website. Particle is a member of the Carequality network.
To join the network, organizations are vetted and have to agree to abide by clear “Permitted Purposes” for the exchange of patient data. Epic responds to requests for data that fall under the “Treatment” permitted purpose, which means the recipient is providing care to the person whose records they are requesting.
Epic said in its notice on Thursday that it filed a formal dispute with Carequality on March 21, over concerns that Particle and its participant organizations “might be inaccurately representing the purpose associated with their record retrievals.” The company suspended its connection with Particle that day.
“This poses potential security and privacy risks, including the potential for HIPAA Privacy Rule violations,” Epic said in the notice, which was obtained by CNBC.
In a blog post late Friday, Carequality said it takes disputes “very seriously and is committed to maintaining the integrity of the dispute resolution process as well as trusted exchange within the framework.” The organization said it can’t comment about the existence of any disputes or member activities.
Representatives from Epic and Particle didn’t respond to requests for comment. However, Particle published a blog post Friday evening and said it began “addressing this issue immediately” after Epic “stopped responding to data requests from a subset of customers” on March 21. Particle said in the post that a big challenge in such matters is that there is “no standard reference to assess the definition of Treatment.”
“These definitions have become more difficult to delineate as care becomes more complicated with providers, payers, and payviders all merging in various large healthcare conglomerates,” Particle wrote.
Epic, a 45-year-old privately held company based in Wisconsin, is the largest EHR vendor by hospital market share in the U.S., with 36% of the market, according to a May report from KLAS Research. Oracle is second at 25%, following the software company’s $28 billion purchase of Cerner in 2022.
As of July 2022, Particle had raised a total of $39.3 million from investors including Menlo Ventures, Story Ventures and Pruven Capital, according to a release. The New York-based startup said at the time that its technology “uniquely combines data from 270 million plus patients’ medical records by aggregating and unifying healthcare records from thousands of sources.”
Epic said Particle introduced thousands of new participant connections to Carequality in October, and asserted that they fell under the treatment use case. In the following months, all of Particle’s participant organizations claimed a permitted purpose of treatment for their requests, Epic said.
‘Non-treatment use case’
However, Epic began to notice some red flags. The company said it observed anomalies in the patient record exchange patterns, like requests for large numbers of records within a certain geographical region. Additionally, Epic said that the companies connected to Particle weren’t sending new data back from patients, which “suggests a non-treatment use case.”
Epic and its Care Everywhere Governing Council, consisting of 15 industry representatives, evaluated Particle’s new participant connections and determined that organizations like Integritort, MDPortals and Reveleer, which acquired MDPortals last year, “likely didn’t conform to a Treatment Permitted Purpose,” the notice said.
Epic said it learned that another Carequality member was planning to file a dispute, alleging that Integritort was using the patient data to try and identify potential class action lawsuit participants. On March 28, Epic said it discovered that a participant called Novellia claimed it was requesting records under treatment, despite publicly advertising its product as a “personal health tool.”
Integritort, Reveleer and Novellia didn’t respond to requests for comment.
Epic said it filed a formal dispute with Carequality at the Governing Council’s recommendation. On April 4, Epic asked Particle to provide additional information to illustrate how its participants qualify for the treatment use case, according to the notice.
Michael Marchant, director of interoperability and innovation at University of California Davis Health, serves as the chair of Epic’s Governing Council. He said it’s hard to know exactly why Particle might have provided these organizations with records, or whether it intentionally engaged in wrongdoing. But, he said, companies have to act responsibly even if pressured to deliver financial results.
“If they were selling to things that they knew were not treatment-related organizations in an effort to match VC funding or profit margins or revenue targets or what have you, then that would be really bad,” Marchant told CNBC in an interview.
In a statement on LinkedIn Wednesday, Particle founder Troy Bannister said Epic acted unilaterally, and that Particle has not seen “rationale, justification or official claims” surrounding these issues.
Bannister wrote that, to the company’s knowledge, “all of the affected partners directly support treatment.” He said these organizations pull data for care providers and share data back with the Carequality network.
“While we continue maintaining our connection with Carequality, the ability for one implementor to decide, without evidence or even so much as a warning, to disconnect providers at massive scale, jeopardizes clinical operations for hundreds of thousands of patients as well as the trust that is so critical to a trust-based exchange,” Bannister wrote.
Bannister didn’t address Epic’s April 4 request for additional information.
The formal dispute process is still ongoing. Marchant, who also serves as the co-chair of an advisory council at Carequality, said it’s the first time in the network’s history that a complaint has gotten this far.
The Nasdaq MarketSite in New York, June 9, 2023.
Michael Nagle | Bloomberg | Getty Images
Silicon Valley executives and financiers publicly opened their wallets in support of President Donald Trump’s 2024 presidential run. The early returns in 2025 aren’t great, to say the least.
Following Trump’s sweeping tariff plan announced Wednesday, the Nasdaq suffered steep consecutive daily drops to finish 10% lower for the week, the index’s worst performance since the beginning of the Covid pandemic in 2020.
The tech industry’s leading CEO’s rushed to contribute to Trump’s inauguration in January and paraded to Washington, D.C., for the event. Since then, it’s been a slog.
The market can always turn around, but economists and investors aren’t optimistic, and concerns are building of a potential recession. The seven most valuable U.S. tech companies lost a combined $1.8 trillion in market cap in two days.
Apple slid 14% for the week, its biggest drop in more than five years. Tesla, led by top Trump adviser Elon Musk, plunged 9.2% and is now down more than 40% for the year. Musk contributed close to $300 million to help propel Trump back to the White House.
Nvidia, Meta and Amazon all suffered double-digit drops for the week. For Amazon, a ninth straight weekly decline marks its longest such losing streak since 2008.
With Wall Street selling out of risky assets on concern that widespread tariff hikes will punish the U.S. and global economy, the fallout has drifted down to the IPO market. Online lender Klarna and ticketing marketplace StubHub delayed their IPOs due to market turbulence, just weeks after filing with the Securities and Exchange Commission, and fintech company Chime is also reportedly delaying its listing.
CoreWeave, a provider of artificial intelligence infrastructure, last week became the first venture-backed company to raise more than $1 billion in a U.S. IPO since 2021. But the company slashed its offering, and trading has been very volatile in its opening days on the market. The stock plunged 12% on Friday, leaving it 17% above its offer price but below the bottom of its initial range.
“You couldn’t create a worse market and macro environment to go public,” said Phil Haslett, co-founder of EquityZen, a platform for investing in private companies. “Way too much turbulence. All flights are grounded until further notice.”
CoreWeave investor Mark Klein of SuRo Capital previously told CNBC that the company could be the first in an “IPO parade.” Now he’s backtracking.
“It appears that the IPO parade has been temporarily halted,” Klein told CNBC by email on Friday. “The current tariff situation has prompted these companies to pause and assess its impact.”
‘Cave rapidly’
During last year’s presidential campaign, prominent venture capitalists like Marc Andreessen backed Trump, expecting that his administration would usher in a boom and eliminate some of the hurdles to startup growth set up by the Biden administration. Andreessen and his partner, Ben Horowitz, said in July that their financial support of the Trump campaign was due to what they called a better “little tech agenda.”
A spokesperson for Andreessen Horowitz declined to comment.
Some techies who supported Trump in the campaign have taken to social media to defend their positions.
Venture capitalist Keith Rabois, a managing director at Khosla Ventures, posted on X on Thursday that “Trump Derangement Syndrome has morphed into Tariff Derangement Syndrome.” He said tariffs aren’t inflationary, are effective at reducing fentanyl imports, and he expects that “most other countries will cave and cave rapidly.”
That was before China’s Finance Ministry said on Friday that it will impose a 34% tariff on all goods imported from the U.S. starting on April 10.
At Sequoia Capital, which is the biggest investor in Klarna, outspoken Trump supporter Shaun Maguire, wrote on X, “The first long-term thinking President of my lifetime,” and said in a separate post that, “The price of stocks says almost nothing about the long term health of an economy.”
However, Allianz Chief Economic Advisor Mohamed El-Erian warned on Friday that Trump’s extensive raft of import tariffs are putting the U.S. economy at risk of recession.
“You’ve had a major repricing of growth prospects, with a recession in the U.S. going up to 50% probability, you’ve seen an increase in inflation expectations, up to 3.5%,” he told CNBC’s Silvia Amaro on the sidelines of the Ambrosetti Forum in Cernobbio, Italy.
Former Microsoft CEOs Bill Gates, left, and Steve Ballmer, center, pose for photos with CEO Satya Nadella during an event celebrating the 50th Anniversary of Microsoft on April 4, 2025 in Redmond, Washington.
Stephen Brashear | Getty Images
Meanwhile, executives at tech’s megacap companies were largely silent this week, and their public relations representatives declined to provide comments about their thinking.
Microsoft CEO Satya Nadella was in the awkward position on Friday of celebrating his company’s 50th anniversary at corporate headquarters in Redmond, Washington. Alongside Microsoft’s prior two CEOs, Bill Gates and Steve Ballmer, Nadella sat down with CNBC’s Andrew Ross Sorkin for a televised interview that was planned well before Trump’s tariff announcement.
When asked about the tariffs at the top of the interview, Nadella effectively dodged the question and avoided expressing his views about whether the new policies will hamper Microsoft’s business.
Ballmer, who was succeeded by Nadella in 2014, acknowledged to Sorkin that “disruption is very hard on people” and that, “as a Microsoft shareholder, this kind of thing is not good.” Ballmer and Gates are two of the 12 wealthiest people in the world thanks to their Microsoft fortunes.
C-suites may not be able to stay quiet for long, especially if the recent turmoil spills into next week.
Lise Buyer, who previously helped guide Google through its IPO and now works as an adviser to companies going public, said there’s no appetite for risk in the market under these conditions. But there is risk that staffers get jittery, and they’ll surely look to their leaders for some reassurance.
“Until markets settle out and we have the opportunity to access valuation levels, public company CEOs should work to calm potentially distressed employees,” Buyer said in an email. “And private company managements should refine plans to get by on dollars already in the treasury.”
— CNBC’s Hayden Field, Jordan Novet, Leslie Picker, Annie Palmer and Samantha Subin contributed to this report.
-
Sports2 years ago‘Storybook stuff’: Inside the night Bryce Harper sent the Phillies to the World Series
-
Sports12 months agoStory injured on diving stop, exits Red Sox game
-
Sports1 year agoGame 1 of WS least-watched in recorded history
-
Sports2 years agoMLB Rank 2023: Ranking baseball’s top 100 players
-
Sports4 years ago
Team Europe easily wins 4th straight Laver Cup
-
Environment2 years agoJapan and South Korea have a lot at stake in a free and open South China Sea
-
Environment2 years agoGame-changing Lectric XPedition launched as affordable electric cargo bike
-
Business3 years agoBank of England’s extraordinary response to government policy is almost unthinkable | Ed Conway