Epic Sys. Corp. v. Tata Consultancy Servs. Ltd.

• Citation: 980 F.3d 1117
• Decision Date: 20 August 2020
• Docket Number: Nos. 19-1528 & 19-1613,s. 19-1528 & 19-1613
• Parties: EPIC SYSTEMS CORP., Plaintiff/Counterclaim Defendant-Appellee/Cross-Appellant, v. TATA CONSULTANCY SERVICES LTD. & Tata America International Corp. d/b/a TCS America, Defendants/Counterclaim Plaintiffs-Appellants/Cross-Appellees.
• Court: United States Courts of Appeals. United States Court of Appeals (7th Circuit)

980 F.3d 1117

EPIC SYSTEMS CORP., Plaintiff/Counterclaim Defendant-Appellee/Cross-Appellant,

v.TATA CONSULTANCY SERVICES LTD. & Tata America International Corp. d/b/a TCS America, Defendants/Counterclaim Plaintiffs-Appellants/Cross-Appellees.

Nos. 19-1528 & 19-1613

United States Court of Appeals, Seventh Circuit.

Argued January 16, 2020

Decided August 20, 2020

Amended November 19, 2020

Rehearing and Rehearing En Banc Denied November 30, 2020

Rick Richmond, Nick G. Saros, Attorneys, Jenner & Block LLP, Los Angeles, CA, Anthony A. Tomaselli, Kristin Graham Noel, Attorneys, Quarles & Brady LLP, Madison, WI, Michael T. Brody, Attorney, Jenner & Block LLP, Chicago, IL, for Plaintiff-Appellee.

Christopher Egleson, Attorney, Sidley Austin LLP, Los Angeles, CA, Carter G. Phillips, Attorney, Sidley Austin LLP, Washington, DC, Constantine L. Trela, Jr., Neil H. Conrad, Robert N. Hochman, Attorneys, Sidley Austin LLP, Chicago, IL, for Defendants-Appellants.

Before Flaum, Manion, and Kanne, Circuit Judges.

Kanne, Circuit Judge.

Without permission from Epic Systems, Tata Consultancy Services ("TCS")¹ downloaded, from 2012 to 2014, thousands of documents containing Epic's confidential information and trade secrets. TCS used some of this information to create a "comparative analysis"—a spreadsheet comparing TCS's health-record software (called "Med Mantra") to Epic's software. TCS's internal communications show that TCS used this spreadsheet in an attempt to enter the United States health-record-software market, steal Epic's client, and address key gaps in TCS's own Med Mantra software.

Epic sued TCS, alleging that TCS unlawfully accessed and used Epic's confidential information and trade secrets. A jury ruled in Epic's favor on all claims, including multiple Wisconsin tort claims. The jury then awarded Epic $140 million in compensatory damages, for the benefit TCS received from using the comparative-analysis spreadsheet; $100 million for the benefit TCS received from using Epic's other confidential information; and $700 million in punitive damages for TCS's conduct.

Ruling on TCS's motions for judgment as a matter of law, the district court upheld the $140 million compensatory award and vacated the $100 million award. It then reduced the punitive-damages award to $280 million, reflecting Wisconsin's statutory punitive-damages cap. Both parties appealed different aspects of the district court's rulings.

We agree with the district court that there is sufficient evidence for the jury's $140 million verdict based on TCS's use of the comparative analysis, but not for the $100 million verdict for uses of "other information." We also agree with the district court that the jury could punish TCS by imposing punitive damages. But the $280 million punitive-damages award is constitutionally excessive, so we remand to the district court with instructions to reduce the punitive-damages award.

I. BACKGROUND

Epic Systems is a leading developer of electronic-health-record software. This software aims to improve patients’ quality of care by keeping relevant information about patients—like patient schedules and billing records—in a central location. Epic provides versions of this software to some of the top hospitals in the United States. Each customer licenses from Epic software applications (modules) to fit the customer's specific needs. The customer can then customize the software to ensure it operates properly within the customer's organizational structure.

The complexity of Epic's health-record system requires Epic's customers to consistently update and test their systems. To facilitate this process, Epic provides its customers with access to a web portal called "UserWeb." UserWeb provides various resources—including administrative guides, training materials, and software updates—and it also supplies an online forum where Epic's customers can share information.

Along with these helpful resources, UserWeb contains confidential information about Epic's health-record software. To protect this information, Epic restricts who can access the UserWeb portal. Epic's customers, who have access, are required to maintain the confidentiality of this information, and they are expected to allow specific individuals access to this sensitive information on a "need-to-know" basis only.

To guard this confidentiality, Epic allows only credentialed users to access UserWeb; to get credentialed, users must prove they are either a customer or a consultant. Customers get access to all features and documents related to the modules they license from Epic. Consultants—who are hired by customers to implement and test Epic's software—cannot access features like the discussion forum and training materials.

In 2003, Kaiser Permanente—the largest managed-healthcare organization in the United States—obtained a license from Epic to use KP HealthConnect, a Kaiser-specific version of Epic's electronic-health-record software. Because of Kaiser's size, implementation of KP HealthConnect is highly complex; testing and tweaking it after each update is complicated and time consuming.

For help with these tasks, Kaiser hired TCS in 2011. TCS provides information-technology services, like software testing and consulting, on a global basis. But TCS also has its own electronic-health-record software, Med Mantra, which at the time was predominately sold in India.

Epic was aware of this conflict of interest and was concerned about TCS's relationship with Kaiser. Still, Kaiser used TCS to test KP HealthConnect. But to fulfill its obligation of confidentiality to Epic, Kaiser imposed rules for TCS to follow while working on Kaiser's account.

First, TCS was required to perform all services related to KP HealthConnect at Kaiser offices in the United States or offshore development centers—approved facilities outside the United States.

Second, TCS was required to follow strict security protocols at the offshore development centers. Desktop computers used to work on KP HealthConnect could be used only for Kaiser-related work. To ensure these computers could not access the internet or TCS's email system, a firewall was installed. Other computers at the offshore facilities could access TCS's network and email system but were not allowed to access KP HealthConnect material.

TCS, while operating under these strict requirements, provided testing and support services to Kaiser. But TCS employees claimed they could perform the required tasks more efficiently if they had full access to UserWeb. Kaiser repeatedly asked Epic to grant TCS this access; Epic repeatedly declined to do so.

Unsatisfied with this lack of access, in late 2011, TCS found a way to gain unfettered access to all the information available on UserWeb: the key was Ramesh Gajaram. TCS hired Gajaram to work on the Kaiser account from an offshore development center in Chennai, India. Before working for TCS, Gajaram worked for a different company that also helped Kaiser test KP HealthConnect. While working for that company, Gajaram falsely identified himself to Epic as a Kaiser employee, and Epic granted Gajaram full access to UserWeb.

Gajaram informed his superior at TCS, Mukesh Kumar, that he still had access to UserWeb. At Kumar's request, Gajaram accessed the UserWeb portal. Gajaram also shared his login credentials with other employees at the Chennai offshore development center. A few years later, Gajaram transferred to TCS's Portland, Oregon office; he again shared his UserWeb login credentials with at least one other TCS employee.

Thanks to Gajaram's actions, dozens of TCS employees gained unauthorized access to UserWeb. And from 2012 to 2014, TCS employees accessed UserWeb thousands of times and downloaded over 6,000 documents (1,600 unique documents) totaling over 150,000 pages. These documents contained Epic's confidential information, including some of its trade secrets. And not all of this information related to TCS's work for Kaiser; employees downloaded information related to a medical-laboratory module that Kaiser does not license from Epic.

This unauthorized access came to light in early 2014, when Philip Guionnet, a TCS employee, attended meetings concerning the Med Mantra software. At the first meeting, Guionnet observed a demonstration of Med Mantra for Kaiser executives. Guionnet was "astounded"; he had seen Med Mantra several times before and believed the software had dramatically improved.

After this meeting, Guionnet was concerned that "some of the information from Kaiser had been used to improve Med Mantra." So, Guionnet visited the Med Mantra product development team. During his visit, a TCS employee showed Guionnet a spreadsheet that compared Med Mantra to Epic's electronic-health-record software. The spreadsheet compared, in some detail, the functionalities of the two products. Guionnet believed this spreadsheet confirmed his suspicion that information regarding Kaiser's version of Epic's software had been used to improve Med Mantra.

Guionnet then asked for a copy of this spreadsheet. What he received instead was a less-detailed document referred to as the "comparative analysis."

The comparative analysis—a key document in this appeal—was created as a part of TCS's effort to see if it could sell Med Mantra in the United States. Specifically, TCS wanted to sell Med Mantra directly to Kaiser, who was using Epic's software, and wanted to be sure that "key gaps" in Med Mantra were addressed before this attempted sale. So, TCS gave a consultant from the Med Mantra team the task of creating a comparison between Med Mantra and Epic's software. In doing so, this employee worked with "Subject Matter Experts"—employees who had experience with Epic's software—and created the comparative analysis that was ultimately sent to Guionnet.

The comparative analysis is an 11-page spreadsheet that compares Med Mantra to Epic's software. The first page lists 33 modules, and it notes whether the module is available in Med Mantra and Epic's software; the...