Addressing the appropriateness of three separate damages awards totaling $520 million, the US Court of Appeals for the Seventh Circuit affirmed the lower court’s award of $140 million in compensatory damages, but found that $280 million in punitive damages does not meet the Due Process Clause of the Fourteenth Amendment. Epic Systems Corp. v. Tata Consultancy Services Ltd., Case Nos. 19-1528, 19-1613 (Aug. 20, 2020) (Kanne, J.).

Epic Systems is a leading developer of electronic health record software, which it licenses to top hospitals in the United States. Each customer-licensed module is specific to the customer’s needs and can be customized to ensure proper integration with the customer’s systems. In order to facilitate customization and updates to the software, Epic provides a web portal called “UserWeb,” which provides access to various resources including administrative guides, training materials, software updates and forums. UserWeb also contains confidential information about the health-record software itself, and as such, Epic restricts access to the UserWeb portal via credentialed logins. Those with access are also required to keep all UserWeb information confidential.

In 2003, Kaiser Permanente—the largest managed healthcare organization in the United States—obtained a license to use Epic’s software. Due to the size and complexity of integrating and maintaining the software, Kaiser hired Tata Consultancy Services (TCS) to help with updates and integration. TCS has its own electronic health record software, Med Mantra, which was known to Epic. Accordingly, Kaiser imposed numerous rules for TCS to follow in order to maintain the confidentiality of Epic’s software. TCS employees claimed that they could perform their required tasks faster if they had full access to UserWeb, which Kaiser repeatedly asked Epic to grant to TCS. Epic repeatedly declined this request.

Undeterred, TCS was able to find another way into Epic’s UserWeb. TCS hired an employee who had full access to UserWeb, which he gained from working for a different organization that also helped manage Kaiser’s integration of Epic’s software. While in his previous position, the employee had falsely claimed to be a Kaiser employee, thus allowing him full access to UserWeb. The employee shared these credentials with numerous TCS employees, who then had unfettered access to UserWeb, which contained confidential information relating to Epic’s healthcare software.

TCS used this information to generate a “comparative analysis” document, an 11-page spreadsheet that compares TCS’s software, Med Mantra, to Epic’s software. TCS wanted to sell Med Mantra directly to Kaiser, and the first step was to be sure that “key gaps” in the Med Mantra software were addressed before the attempted sale. After viewing a presentation that included the comparative analysis document, one TCS employee alerted Kaiser and Epic to the existence of the document and the fact that TCS had gained access to UserWeb.

A few months later, Epic filed suit against TCS, alleging that TCS used fraudulent means to access and steal Epic’s trade secrets and other confidential information. After a trial, the jury returned a verdict in favor of Epic on all claims. During the damages trial, [...]

Continue Reading