Alphabet’s Verily Sued by Former Executive Over Alleged HIPAA Breaches

Posted by Steve Alder

A lawsuit has been filed against Alphabet-owned Verily by a former employee who alleges that the personally identifiable health information of more than 25,000 patients was misused, and the company failed to report the HIPAA breaches, as required by the Health Insurance Portability and Accountability Act (HIPAA).

Verily, formerly Google Life Sciences, is a research organization owned by Google’s parent company, Alphabet. The Verily platform drives AI-powered precision health solutions that help pharmaceutical firms bring new therapies to market sooner and health systems and payers improve patient outcomes at a lower cost. The lawsuit alleges that an internal investigation confirmed HIPAA breaches involving HIPAA-protected data obtained from 14 HIPAA-regulated entities. The lawsuit claims patient data was used without authorization, in violation of the HIPAA Privacy Rule. Further, while the investigation uncovered misuses of patient data, Verily failed to disclose the breach, delaying notifications while contract renewals were negotiated with the affected covered entities, in violation of the HIPAA Breach Notification Rule.

The lawsuit was filed last year; however, it failed to be reported by the media until it was spotted by CNBC, which reported on the lawsuit last week. The lawsuit was filed by Ryan Sloan, a former chief commercial officer at Verily Onduo, Verily’s diabetes and hypertension business. The lawsuit is currently pending in the United States District Court for the Northern District of California in San Francisco, having survived a motion to dismiss or resolve the lawsuit through arbitration.

Sloan was hired by Verily in 2020 and was employed until he was terminated in January 2023. Sloan claims that he and Julia Feldman, general counsel at Onduo, discovered the HIPAA violations in January 2022 and reported them to senior management. Sloan claims that patient data was used for research, marketing campaigns, press releases, and national conferences, which are not uses permitted by the HIPAA Privacy Rule unless consent is obtained from patients.

Sloan claims that he and Feldman repeatedly raised the matter with senior management, and an internal investigation confirmed that there had been several HIPAA breaches of business associate agreements between Verily and HIPAA-covered entities, including Quest Diagnostics, Highmark Health, Walgreens Boots Alliance, and others. Despite the discovery of HIPAA breaches, Sloan alleges no notifications were issued.

He claims that during a contact negotiation between Verily and Highmark Health in August 2022, Verily misrepresented that it was fully compliant with the HIPAA Rules at all times, when the company knew that HIPAA violations had occurred, including with Highmark Health data. The lawsuit claims that Feldman was terminated later that month, along with another individual who was aware of the HIPAA breaches. Sloan was terminated in January 2023, which he claims was in response to repeatedly raising concerns about the HIPAA violations and the alleged cover-up of the HIPAA breaches.

There is no private cause of action under HIPAA, so individuals are not permitted to sue for HIPAA violations. Only the HHS’ Office for Civil Rights (OCR) and state attorneys general have the authority to take legal action for HIPAA violations. The lawsuit, Sloan v. Verily Life Sciences LLC, claims that Verily retaliated against Sloan after he raised the HIPAA violations in good faith, in breach of his employment contract. Verily denies the allegations.

“Verily believes the allegations and contentions alleged in this employment matter that was commenced in 2023 are completely without merit. Verily will defend itself to the full extent of the law,” said a Verily spokesperson in a statement to CNBC. “Verily is an equal opportunity employer, and takes its responsibility and commitment to abide by all laws and regulations seriously.  As this is an ongoing legal matter, Verily will not be providing further comment at this time.”

The post Alphabet’s Verily Sued by Former Executive Over Alleged HIPAA Breaches appeared first on The HIPAA Journal.

What is the Best EMR for Small Practices in 2025?

Posted by Steve Alder

Whether you are starting a new practice or looking to grow your existing business, choosing the right electronic medical record system (EMR) is key to improving revenues and profits. An EMR is more than a system for managing large data records. An EMR is an invaluable tool at the heart of your practice that facilitates many aspects of your practice’s operations, such as scheduling, payments, insurance billing, record requests, patient engagement, telehealth, patient follow-ups, and HIPAA compliance.

In addition to ensuring accurate patient records, an EMR is an invaluable tool for aiding decision-making, improving efficiency by streamlining documentation, and eliminating manual administrative tasks that inevitably impact revenue-generating activities and patient care. An EMR can significantly improve the patient experience by streamlining scheduling, providing patients with easy access to their health data to improve engagement, and facilitating communication, helping to improve satisfaction and attract new patients.

With an EMR that is the right fit for your practice, you can reduce the administration burden on clinicians and administrative staff and improve efficiency, allowing you to spend more time providing high-quality, personalized, value-based care.

An EMR Streamlines Operations and Improves Efficiency

An EMR improves efficiency, streamlines data management and billing processes, while helping ensure compliance with HIPAA and state laws, but it is vital to get the right EMR solution for your practice that meets your current needs and has the scalability to support your practice as it grows.

There is a myriad of EMRs to choose from, and while Epic and Oracle Cerner are the most commonly used enterprise EMRs, they require a significant investment and are not well-suited for solo providers and small independent practices, as they prioritize operational scale and standardization.

EMRs for small practices are more affordable, easier to use, and offer far greater flexibility, often providing scope for customization to support specialty-specific workflows and value-based individualized care. The best EMR for small practices will allow you to streamline practice operations while meeting your regulatory obligations under HIPAA, EPCS, and other federal and state regulations, allowing you to concentrate on providing the highest quality patient care.

With the right EMR, you will be able to significantly reduce time-consuming administrative tasks, improve clinical accuracy, and deliver a better patient experience, helping you to reduce the churn rate and win more business.

Choosing an EMR for Small Practices

Cost is naturally a key consideration for small practices. Setting up a new practice costs hundreds of thousands of dollars, after which there are likely to be considerable budgetary constraints. You naturally need to get good value for money and a significant return on your investment, but it is important to look past the cost of licenses and initial setup costs, which include data migration if you are changing EMRs. There are often ongoing monthly expenses, add-on costs for integrations and improving core EMR functionality, limited logins, and locked-in insurance billing partners and other vendors.

If you are starting out and have a handful of clients, what works initially may not be sustainable over time. Transitioning to a new EMR when you outgrow your current platform can be time-consuming and costly, with data migration headaches and a long learning curve, which will inevitably negatively impact operations until the staff gets up to speed.

It is therefore important to choose an EMR for small practices that has comprehensive features, supports extensive integrations, with workflow automation allowing for efficient practice management. The solution should incorporate business features, including billing and analytics, while supporting telehealth, electronic prescriptions, and compliance, with scalability to support the changing needs of your practice. The support options should not be overlooked, as if you experience any technical problems or require customizations, assistance should be provided quickly to allow you to rapidly resolve your issues.

A free EMR may seem like the best choice if you have a limited budget and competing priorities. While initially you could save hundreds or thousands of dollars, you may end up paying more in the long term due to limited functionality, a lack of live customer support.  You will generally only get basic features, and the core components generally do not extend to billing, comprehensive reporting, and analytics. Free EMRs are generally only free up to a point and often require an upgrade to a full or premium package to get more than the basic EMR functions. There are also security and compliance risks associated with free EMRs, many of which are open source.

If you have a clear vision for your practice and your area of specialization, a free EMR may be a good choice, but the lack of flexibility can be limiting, and the money saved on capital outlay could be lost – and more. There are, however, excellent low-cost EMRs for small practices with extensive functionality and comprehensive integrations to meet your current and future needs, that are easy to use and support individualized care.

Security and Compliance

Two areas that should not be overlooked are security and compliance. Security needs to be built into the core of the design, as the EMR contains the crown jewels of your business, and hackers are actively targeting small practices. Free EMRs are typically open source, which means the code is available to anyone to inspect, but that doesn’t mean that it has been thoroughly inspected, nor that there is an active community looking at the code to identify security weaknesses. Data leakage and security vulnerabilities can prove extremely costly.

While small practices were once able to fly under the radar, regulators are taking a keen interest in HIPAA compliance at small medical practices. The HHS’ Office for Civil Rights (OCR) has an enforcement initiative on patient access, and in recent years, many financial penalties have been imposed on small providers for noncompliance. The HHS is also cracking down on information blocking, so it is vital that your EMR provides an easy-to-use patient portal and supports seamless health data exchange.

The Best EMRs for Small Practices

The best EMRs for small practices strike a good balance between cost and functionality, providing the functions to meet your operational needs, scalability to grow with your practice, and support to resolve technical or usability issues quickly, without hidden costs.

The best EMRs for small practices streamline operations, allowing you to improve patient engagement, reduce the burden of compliance, and have flexibility and support customizations to meet your unique needs. To save you time in your search, the HIPAA Journal has assessed EMRs for small practices to help you find the best EMR to meet your practice’s needs.

OptiMantra is the Best EMR for Small Practices

In our opinion, OptiMantra is the best EMR for sole providers and small independent primary care, functional medicine, mental health, and aesthetics-focused practices due to a comprehensive range of features and integrations, excellent customer support, scalability, and scope for customization. The platform provides excellent value for money with one of the lowest monthly costs, and many features included with the license that other platforms provide only as paid add-on features.

OptiMantra is an all-in-one solution with a comprehensive suite of functions, including charting, scheduling, e-prescribing, billing, video chat for telehealth, and an integrated lab network for bloodwork and tests. The platform includes a HIPAA-compliant patient portal with email and text reminders to improve engagement and reduce no-shows, and an extensive library of forms, including MSQ, symptom surveys, mental health questionnaires, and email, text, and fax templates.

OptiMantra offers a full suite of clinical, billing, point of sale, digital, and cloud integrations, ensuring seamless integration with the most commonly used third-party service providers. The platform streamlines small practice operations, allows charting on the go through tablet and mobile-friendly interfaces, helping practices improve efficiency and concentrate on patient care. OptiMantra also reports that clinics see an average 37% increase in revenue in the first year of using the platform, and if you ever decide to change platforms, there is no tie-in other than a month’s notice.

OptiMantra is rated highly by users, with a 5/5 score on G2 and a 4.8/5 score on Capterra, and is universally praised for customer support, with responses typically received within an hour, earning OptiMantra a 2025 Best Customer Support software badge from Gartner-owned Software Advice.  OptiMantra is also highly responsive to suggestions and rapidly implements tweaks to improve usability in response to customer requests.

While we feel OptiMantra is the best EMR for small practices for features, flexibility, cost-effectiveness, and customer service, other platforms are worthy of consideration.

AdvancedMD is a Comprehensive All-in-one Solution with Strong Revenue Management Features

AdvancedMD is an all-in-one cloud-based EMR system aimed at small practices, although those at the larger end of the category. The platform includes a suite of features for independent medical practices, including mental health, physical therapy, and medical healthcare organizations, and has integrated scheduling, charting, billing, claims, e-prescribing, and telehealth capabilities, with a good patient portal and patient messaging feature for improving engagement.

The platform offers excellent stability and accessibility, and robust security for HIPAA Security Rule compliance, including multi-factor authentication. AdvancedMD has an excellent scheduling system, a good patient portal, and impressive revenue management features, making it an ideal choice for practices with their one in-house billing teams.

While the platform has extensive features to support single physicians and small practices, with excellent scalability to support practices as they grow, there are more cost-effective choices due to high set-up fees. Due to the high initial cost, users typically do not tend to see a return on their investment for 14 months, and the system generally takes around 2 months to fully implement. Once set up, the platform is easy to use and navigate, with well-functioning modules that are intuitive and a great choice for compliance, with a comprehensive audit trail with all actions time and date stamped.

AdvancedMD has a 3.6/5 rating on Capterra and a 3.6/5 rating on G2 and is praised for its customizable features and the ability to tailor workflows to specific practice needs, and while the platform is reliable with excellent uptime, it is prone to lag times during busy periods, and customer service and issue resolution are often subject to delays. Overall, the platform is a good choice for larger practices and medical groups.

Practice Fusion is a Good Low-Cost Choice Providing Basic EMR Functionality

Practice Fusion is a solid choice for practices with restrictive budgets, especially for new sole provider practices and small practices with 3 or fewer signing staff. Practice Fusion is an entry-level cloud-based EMR system that initially provided free-to-use basic functionality, although it has now moved to a subscription-only service with a 14-day free trial.

Set up is straightforward, and the platform is intuitive and easy to use, without a steep learning curve. The platform has basic reporting and scheduling capabilities, web-based charting and e-prescribing, and lab, imaging, and billing services, and a good patient portal.

Practice Fusion provides online and telephone support, although it has no dedicated customer service representatives for users, and response times can be slow, sometimes taking days rather than hours to resolve issues.

The platform has a 3.8/5 rating on G2 and a 3.7/5 rating on Capterra, with users praising the platform for ease of use, its lab and imaging integrations, and web-based charting and e-prescribing. There is a lack of integrations and interoperability, although improvements are continuously being made to integrate with other portals and improve patient record importing, and extend integrations with vendors. Users report some system stability issues, with occasional downtime due to crashes.

For single providers and practices with 3 or fewer signing staff, Practice Fusion is a good choice due to ease-of-use, solid core functions, a good patient portal, and lab, imaging, and billing capabilities. A free trial is strongly recommended, as there is a minimum tie-in of 12 months for subscriptions with no early cancellation.

The post What is the Best EMR for Small Practices in 2025? appeared first on The HIPAA Journal.