Thoughts on Healthcare Markets & Technology

Thoughts on Healthcare Markets & Technology

The Audit Economy Shows Up Early: A Five Point Six Million Dollar HHS Contract, an AI That Flags TEFCA Participants, and What the January Epic v Health Gorilla Forecast Got Right and Wrong

Jul 01, 2026
∙ Paid

Video Preview

🎧 Podcast episode for paid subscribers only. Also available on Spotify.

Thoughts on Healthcare Markets & Technology
The Audit Economy Shows Up Early: A Five Point Six Million Dollar HHS Contract, an AI That Flags TEFCA Participants, and What the January Epic vs Health Gorilla Forecast Got Right and Wrong
In January we said Epic v Health Gorilla wouldn’t stay a lawsuit. It would become a market. Five months later HHS awarded a $5.62M contract for TEFCA Audit, Review, and Compliance. The forecast is on the scoreboard. Thread…
Listen now
20 minutes ago · Thoughts on Healthcare

To listen to paid episodes in Apple or Spotify, link your Substack subscription via the show settings on those platforms (instructions inside the Substack app under Subscriptions → Podcast).

Table of Contents

  1. The setup nobody wanted to be right about

  2. What the January forecast actually called

  3. The contract that surfaced in a spending database

  4. What the tool does and why those six data feeds matter

  5. Where the forecast holds up

  6. Where it was wrong, or just early

  7. The govcon twist and what it means for builders

  8. What evolves next, and the part that could still go nowhere

    Thoughts on Healthcare Markets & Technology is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.

Abstract

In mid-January this publication argued that Epic v Health Gorilla would not stay a lawsuit. It would metastasize into a regulatory problem, and that problem would create demand for purpose-of-use auditing in TEFCA and Carequality. The piece put “enhanced governance without mandated audits” at 60 to 70 percent within 24 months, and a RADV-style mandated audit market at 30 to 50 percent within 36 months, with a speculative total addressable market around 1.7 billion dollars, growing toward 2.5 to 3 billion by 2030. Five months later HHS quietly awarded Alliance Global Tech a 5-year, $5.62 million contract for “TEFCA Audit, Review, and Compliance,” using AI across six federal data feeds to flag participants for human review. The public reporting and the company’s now-removed materials identify the named feeds as NPPES, SAM.gov, and PECOS, along with three others not specified in the article. This essay maps the forecast against reality: the structure was right (outsourced, AI-driven triage feeding human audit, built on external registries), the magnitude is still far smaller than the forecasted market, and the first mover is a federal IT generalist rather than the health-IT-plus-clinical-review hybrid the forecast imagined. The revenue architecture also flipped from participant-pays to government-pays. The market is being born. Whether it ever grows up is the open question.

The setup nobody wanted to be right about

There is a specific flavor of discomfort that comes from watching a forecast come true faster and weirder than expected. Not the smug kind. The kind where you squint at a government spending database at four in the afternoon and think, well, that escalated.

Quick refresher for anyone who skipped the January piece. Epic and a cluster of health systems, OCHIN, Trinity Health, UMass Memorial, and Reid Health, sued Health Gorilla and downstream companies in the Central District of California, alleging that those companies walked through the front door of the national interoperability frameworks by claiming treatment purposes, pulled patient records, and then routed the data to mass tort marketing. The numbers in the complaint were not subtle. RavillaMed allegedly pulled north of forty-two thousand records from Epic customers alone. Mammoth allegedly pulled more than a hundred and forty thousand. Across the whole complaint, roughly three hundred thousand patient records. The returned documentation, per Epic, was either blank or organized around PFAS exposure markers, which is a tell, because nobody coordinating actual care sorts a chart by which chemical might support a lawsuit.

The January thesis was not about whether Epic wins. It was about plumbing. TEFCA and Carequality run on distributed trust. Implementers and QHINs vet their own connections, the framework operators provide governance but do not independently verify each participant, and when somebody asserts a treatment purpose, the responding system answers automatically. No human in the loop. The argument was that a trust-based system at this scale, with money on every connection and basically nobody paid to police behavior, was a market failure waiting to be productized. The parties best positioned to catch fraud have the least incentive to look. The parties harmed have no detection capability. The framework operators do not have the staff. So either the frameworks build verification, or somebody sells it to them.

That somebody now has a contract number.

What the January forecast actually called

User's avatar

Continue reading this post for free, courtesy of Thoughts on Healthcare.

Or purchase a paid subscription.
© 2026 Healthcare Markets & Technology · Privacy ∙ Terms ∙ Collection notice
Start your SubstackGet the app
Substack is the home for great culture