Hospitals Demand Stronger Security for Patient Data Sharing

Health‌ Systems Demand Action Against Data ⁤Breaches in Health Details Exchanges

Over 60⁣ health systems are urging national health record exchange operators to bolster security measures and prevent unauthorized access⁣ to patient data, following⁢ a recent lawsuit detailing alleged “bad actors”⁢ exploiting ⁤the system. The coordinated effort highlights⁢ growing concerns‌ about the vulnerability of increasingly interconnected health information networks.

The Letter and Its Recipients

The letter, sent on January ⁤17, 2026, was addressed to Mariann Yeager, CEO of The sequoia Project, the⁢ organization overseeing the Carequality framework, and to Principal Deputy Assistant Secretary for Health Information Technology⁤ at the​ Department of Health and Human ⁤Services, according to reporting by STAT News.

• Recipient 1: Mariann Yeager, CEO,⁣ The​ Sequoia Project
• Recipient 2: Principal Deputy ⁣Assistant Secretary⁢ for Health Information Technology,⁤ Department of Health and Human Services

Carequality and the Concerns

Carequality⁤ is a ⁤private, interoperability framework designed to enable ⁣the secure exchange of health information across different⁤ electronic health record (EHR) systems. The health systems’ letter expresses concern⁢ that malicious actors ⁣are ‌exploiting vulnerabilities within⁣ these exchanges to gain‌ unauthorized access to sensitive patient data. ‌This follows a lawsuit filed by epic⁣ Systems against Particle Health, alleging that Particle improperly accessed and sold patient data obtained through carequality.

The lawsuit, filed in the U.S. district Court for⁤ the Western ‌District of Wisconsin on January 9, 2026, details how Particle allegedly bypassed⁢ security protocols to extract⁣ patient information and then sold it to third ⁤parties⁣ for‍ profit. Case 3:26-cv-00001-wmc

Epic’s Lawsuit​ and Allegations

epic’s ⁤complaint ⁢alleges that particle Health, a data intermediary, engaged in systematic and unauthorized access to patient data through the Carequality network.Specifically, Epic⁢ claims Particle circumvented security measures ‍and extracted ⁤patient‌ information without proper authorization or consent. The ⁢lawsuit seeks injunctive⁢ relief and damages.

according to⁣ the complaint, Particle accessed data from at least 16 health systems connected to carequality. Epic alleges that Particle then sold this data to companies involved in ⁣marketing and research, ‌violating patient privacy and possibly exposing individuals to harm. Epic Press Release

The Health Systems’ Demands

The health systems are requesting that The Sequoia Project and the Department of Health⁢ and Human Services take immediate action to address⁤ the security vulnerabilities within Carequality and other⁢ health⁢ information exchanges. Specific‌ demands include:

1. Enhanced monitoring and auditing of data access.
2. Stricter enforcement of data use agreements.
3. Implementation of stronger authentication and authorization protocols.
4. Increased clarity regarding data access practices.

The letter emphasizes the need for a collaborative approach to protect patient privacy and ⁤maintain‍ trust in the health information ‌exchange ecosystem.