17 April 2016

Pin It

In Depth US Jury slaps $940mn on Tata India Epic Case

In Depth US Jury slaps $940mn on Tata India Epic Case

the federal grand jury in the US State of Wisconsin has slapped two companies of India's Tata group -- Tata Consultancy Services (TCS) and Tata America International Corp with a USD 940 million fine in a trade secret lawsuit filed against them by Epic Systems for allegedly ripping off its software.

The verdict came after the case was heard in Courtroom 250 of Judge William M. Conley, based on the lawsuit filed by Epic Systems of Verona—a major company in electronic health records

Epic Systems had accused TCS and Tata America International Corp, in a lawsuit filed in October, 2014 in US District Court in Madison which was amended in January and December 2015, of "brazenly stealing the trade secrets, confidential information, documents and data" belonging to Epic. In its lawsuit, Epic had said that TCS took that data while consulting for its customer.

The 39-page complaint alleged that Tata workers, hired as consultants to help a client, Kaiser Permanente in Oregon, to use its software, downloaded 6,477 documents accounting for 1,687 unique files from Epic's computers inappropriately, including those on its proprietary software.

The complainant further said a Tata employee had tipped off Epic about this activity and that the Indian company's leadership in the US and India were aware of the development that had commenced in 2012.

Epic claimed the defendant company used the documents and information to identify features of its software to accelerate the development of a rival product called Med Mantra.

Epic is a Wisconsin-based healthcare company. Epic makes software that manages the storage and collection of patient and care process data into a common database. Epic markets this software to mid-size and large medical groups, hospitals, and integrated healthcare organizations throughout the United States and the world.

Tata Consultancy Services Limited (“Tata India”) is an Indian corporation that does over half of its business in America. Tata India specializes in information technology services, consulting, and business solutions; it also develops and markets software products, including the hospital management system “Med Mantra.”

Tata America International Corporation (“Tata America”) is a New York corporation registered to do business in Wisconsin. Tata America is a wholly-owned subsidiary of Tata India, which provides IT services, consulting, and computer systems integration services within the United States.

Kaiser Permanente (“Kaiser”) is one of the largest managed healthcare organizations in the United States. On February 4, 2003, Epic entered into a written agreement with Kaiser (the “Kaiser Agreement”) under which Epic licensed software to Kaiser to support patient care delivery activities and to provide Kaiser with customer- level access to Epic’s UserWeb. The UserWeb is a protected electronic workspace created by Epic to aid customers in maintaining and implementing Epic products by providing training and other useful information. The Kaiser Agreement also provided protection for Epic’s confidential information, permitting information to be disseminated from the UserWeb only on a need to know basis and to be used only to fulfill the purposes of the Kaiser Agreement.

To access Epic’s UserWeb, an individual must register as an employee of either an Epic customer or a consultant to an Epic customer. However, in order for a consultant employee to attain UserWeb access, two additional steps must be completed:

(1) the individual attempting to register must sign the UserWeb Access Agreement

(2) the consulting firm must sign the Consultant Access Agreement. Once the applicable steps are completed, that individual attains UserWeb access with no further restrictions, except that a consultant employee’s access is purposefully limited solely to the areas of the UserWeb necessary to support his or her customer.

Tata was hired by Kaiser to serve as a consultant. In August 2005, several Tata employees attempted to register for customer-level access. Though they used Tata email addresses when registering, they represented themselves to be customer employees.
When Epic discovered the discrepancy, it removed the Tata employees from the UserWeb and informed them that Tata employees could not take training courses on the UserWeb until Tata entered into a Consultant Agreement with Epic.

On August 10, 2005, Epic and Tata America proceeded to enter into a Standard Consultant Agreement (the “Tata America Agreement”).
Through the Tata America Agreement, Epic allowed certain Tata employees to access training programs on the UserWeb for the purposes of providing consulting services to Kaiser on the implementation of “Epic Program Property,” defined in the agreement as “computer program object and source code and the Documentation for all of Epic’s computer programs.” In return, Tata America agreed to certain obligations:

1. Tata America will “limit access to the Program Property to those of Your employees who must have access to the Program Property in order to implement the Program Property on Epic’s or its customer’s behalf;”

2. Tata America will not “[u]se the Program Property . . . for any purpose other than in-house training of Your employees to assist Epic customers in the implementation of the Program Property licensed by that Epic customer;”

3. Tata America will “require any of Your employees who are given access to the Confidential Information to execute a written agreement . . . requiring nondisclosure of the Confidential Information and limiting the use of the Confidential Information to uses within the scope of the employee’s duties conducted pursuant to this Agreement” or “inform all such employees that You are obligated to keep Confidential Information confidential.” (“Confidential Information” is defined as information “concerning the functioning, operation or Code of the Program Property, Epic’s training or implementation methodologies or procedures, or Epic’s planned products or

4. Tata America will “use any Confidential Information only for the purpose of implementing the Program Property on an Epic customer’s behalf;”

5. Tata America will “[n]notify Epic promptly and fully in writing of any person, corporation or other entity that You know has copied or obtained possession of or access to any of the Program Property without authorization from Epic;”

6. Tata America will “[n]ot permit any employee while in Your employment who has had access to the Program Property of any Confidential Information relating to the Program Property to participate in any development, enhancement or design of, or to consult, directly or indirectly, with any person
concerning any development, enhancement or design of, any software that competes with or is being developed to compete with Epic Program Property[.]”

Year 2012 -

As early as 2012, Tata began accessing and downloading information from Epic’s UserWeb without authorization.

Epic primarily based allegation on information received from a Tata informant, Philippe Guionnet. Until May 2014, Guionnet was responsible for managing all aspects of Tata’s contract with Kaiser, reporting directly to Tata executive management. On multiple occasions, his job responsibilities exposed him to Med Mantra products. He also participated in marketing Med Mantra products to Kaiser and was aware of comparisons between Epic and Med Mantra softwares created by the Med Mantra team.

According to Guionnet, downloaded information included both Program Property and Confidential Information within the meaning of the Tata America Agreement. Once downloaded, this information was used to benefit Tata’s competing Med Mantra software. Guionnet also represents that Tata leaders in the U.S. and India were aware of and complicit in this scheme.

Once aware of the unauthorized downloading, Epic conducted an investigation of its UserWeb, which led to the account of Ramesh Gajaram, a Tata employee, working as a consultant for Kaiser in Portland, Oregon.

Gajaram’s account revealed that at least 6,477 documents, accounting for 1,687 unique files, had been downloaded, including documents containing Program Property and Confidential Information within the meaning of the Tata America Agreement. Many of these documents were not necessary for Gajaram to perform his job functions for Kaiser. Examples of confidential and/or trade secret documents that Gajaram attained only through his improper customer-level access include Community Connect Install Summary, ADT End-User Proficiency Question Bank, ED Registrar Checklist, and the Physician’s Guide to EpicCare Ambulatory zip file.

Furthermore, Epic’s investigation revealed that Gajaram’s access credentials had been used outside Oregon to download documents from an IP address in India registered to Tata. When confronted, Gajaram admitted to violating the UserWeb Access Agreement by providing his access credentials to two other Tata employees in India -- Aswin Kumar Anandhan and Sankari Gunasekara -- neither of whom needed access to much of the information downloaded from Gajaram’s account in order to perform their job functions for Kaiser.

In addition to being misused, Gajaram’s UserWeb log-in credentials were also obtained in a deceptive manner. When Gajaram registered for his UserWeb credentials, he registered as a customer employee, rather than as a consultant and used a Kaiser, rather than a Tata, email address. Rather than the more limited consultant-level access, this allowed Gajaram broader, customer-level access.

After Epic suspended Gajaram’s access to the UserWeb, Gajaram sent two emails requesting reactivation. The first email request was sent on June 24, 2014, and listed only his Kaiser role in the signature block, with his Tata role deleted.

The second email request was sent on June 30, 2014, and included his full signature with his roles for both Kaiser and Tata disclosed.

Epic argues the omission of Tata from the June 24 email permits an inference that Gajaram intentionally misrepresented himself to be a Kaiser employee, and that his objective was to obtain unauthorized UserWeb access.

On October 31, 2014, Epic filed a complaint seeking both injunctive relief and monetary damages. On January 5, 2015, Tata filed a motion to dismiss the majority of Epic’s claims. In response, Epic filed an amended complaint on January 26, 2015

Epic claims Tata violated the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030, and Wisconsin’s Computer Crimes Act, Wis. Stat. § 943.70. Epic also asserts various other claims under Wisconsin’s statutes and common law, including misappropriation of trade secrets, Wis. Stat. § 134.90, breach of contract, breach of the covenant of good faith and fair dealing, fraud, conversion, common law unfair competition, injury to business, Wis. Stat. § 134.01, and property damage or loss, Wis. Stat. § 865.446. As an alternative to its breach of contract claim, Epic also asserts a
claim for unjust enrichment.

In particular, Epic noted several purported internal investigations conducted by TCS
for which it has to date received no or only partial discovery based on claims by TCS that the documents do not exit, have no relevance or were subject to blanket privilege. Among these number the following:
(1) an HR investigation in the spring and early summer of 2014;
(2) an audit committee investigation also in spring and early summer of 2014;
(3) a security department investigation prompted at Kaiser Permanente’s request in July 2014, with a report issued in September 2014;1
(4) the so-called “Kelley Drye” investigation performed by TCS’s litigation counsel after this suit was filed; and
(5) the “Pushpa Hegde” investigation.

Epic contends that all of these TCS investigations should have been disclosed in
response to interrogatories served in April 2015 because each was responsive and concern
what Epic characterizes as the three key liability questions in this case:
(1) who accessed and downloaded Epic’s confidential information through UserWeb;
(2) who received and reviewed that information once downloaded;
(3) how was Epic’s information used by TCS?

After days of hearing, the federal grand jury in the US State of Wisconsin ruled that Tata Consultancy Services Ltd and Tata America International Corp. must pay USD 240 million to Epic Systems for allegedly ripping off its software. Tatas have also been asked to pay another USD 700 million in punitive damages.

Reacting to the judgment, TCS said it “did not misuse or derive any benefit from downloaded documents from Epic System’s user-web portal” and decided “to defend its position vigorously in appeals to higher courts.” Tata India told to media that they will study verdict and file appeal against the verdict in higher courts.

Reality views by sm –

Sunday, April 17, 2016

Tags – US Epic TCS Case


Destination Infinity April 18, 2016  

Epic, I feel, should have not given access to such critical files to a person from an outsourced company in the first place.

Not sure why they allowed it. This only reiterates that companies cannot outsource everything, and they should constantly monitor what outsourcer's employees are doing. This monitoring process can even be automated, nowadays.

Destination Infinity