Allscripts Healthcare, LLC v. DR/Decision Res., LLC

386 F. Supp. 3d 89

• Court: District Court, District of Columbia
• Decided: July 3, 2019
• Docket: Civil Action No. 19-11038-NMG
• Status: Published

Opinion

Nathaniel M. Gorton, United States District Judge

This suit arises out of a contractual dispute. Plaintiff, a healthcare company that collects sensitive, patient-level data, licenses that data to the defendant, a healthcare consulting company that compiles and/or repackages that data and sells it to third *91parties. In addition to claiming breach of contract, plaintiff alleges trade secret misappropriation (under federal and state law), unfair and deceptive practices under Massachusetts law and fraud in the inducement. Defendant has filed a counterclaim for declaratory judgment, unfair competition, misleading statements under the Lanham Act and breach of contract. The parties have filed cross motions for injunctive relief.

I. Background

A. Factual Background

Allscripts Healthcare, LLC ("Allscripts" or "plaintiff") is a health information technology company that collects, aggregates and de-identifies sensitive, patient-level data from a network of medical practices. It collects such data in compliance with applicable privacy and security laws and regulations, including the Health Information Portability and Privacy Act Privacy Rule ("HIPAA Privacy Rule" or the "Privacy Rule").

As part of its business model, Allscripts licenses its data to third party recipients, provided that they can assure Allscripts of their ability to protect the data and an independent statistician certifies that the data has been de-identified in compliance with HIPAA.

In June, 2014, Allscripts entered into a Master Data License Services Agreement ("the Agreement") with DR/Decision Resources, LLC d/b/a Decision Resources Group ("DRG" or "defendant"), a healthcare data and consulting company that creates and sells reports containing healthcare data.

1. Terms of the Agreement

Pursuant to the terms of the Agreement, which is governed by Delaware law (§ 9.2), either party can terminate the contract if the other party commits a material breach and fails to cure within 30 days of receiving written notice (§ 8.2).

The relevant provisions in the Agreement that delineate use and disclosure of Allscripts' data are excerpted as follows:

Section 3.1 defines "data" as the

aggregated, de-identified patient data set derived from Allscripts' network of participating medical practices which use Allscripts electronic health records software

... If Data is de-identified in accordance with a statistician certificate, both parties shall comply with the terms of such statistician certificate.

Section 3.2 further states the terms of the license agreement, in relevant part:

Subject to Client's compliance with the terms of this Agreement, Allscripts hereby grants to Client a limited, revocable non-exclusive license to use the Data to create analyses, reports and products ("Client Products") using the Data and to commercially distribute such Client Products to its customers. If the Data is de-identified using a statistician certification, such license is subject to the terms and restrictions set forth in the statistician certificate.

Section 3.3 provides that the client shall have no right to

sell, license, transfer or distribute the Data to any third party other than as permitted under this Agreement.

Finally, Section 5.2 states that DRG has a duty of confidentiality that extends for five years after either expiration or termination of the contract but that Allscripts data, trade secrets and software systems and related information must be kept confidential in perpetuity.

*922. Terms of the Certification

In 2014, Allscripts commissioned Dr. Patrick Baier ("Dr. Baier") to issue a statistician certification with respect to the data DRG receives from Allscripts, entitled HIPAA Certification for Allscripts Descriptions Resources Group Site Certification ("the Certification"). Dr. Baier issued another certification in 2018, which contains the same language with respect to the disputed provisions. For ease of reference, the Court will use the paragraph citations from the 2018 Certification. The Certification provides, in relevant part, that

Decision Resources Group will either keep the Allscripts data internally for its own use, or may create analyses, reports and products using data and other data and distribute such products to its customers under the condition that Decision Resources Group will not disclose the Allscripts data to any further parties.

Decision Resources Group and any third party clients of Decision Resources Group receiving Allscripts data as above may however as part of their business activities produce summary works and aggregated derivative works as part of its product offerings. Such works must be sufficiently aggregated so as to prevent any conclusions about individual patients.

§§ 9 and 10.

Furthermore, § 28 provides that

Decision Resources Group will not provide patient level Allscripts data to a client, either alone or in combination with other data sources. Decision Resources Group may disclose derivative works such as summaries and analytical results as long as they are not linked to any individuals.¹

In 2014, DRG's Executive Vice President for Solutions informed Allscripts by email that it

agreed[d] to comply with the terms of the certificate, certifying that the data delivered to DRG is de-identified in compliance with HIPAA.

3. Allegations and Procedural Background

In 2017, DRG considered purchasing a data provider called Practice Fusion. As part of its due diligence, DRG provided Practice Fusion's CEO, Tom Langan ("Langan"), with access to DRG's business model, including confidential and proprietary information about DRG's data sales division. During that process, Langan interviewed for a position as DRG's Chief Commercial Officer ("CCO"). Langan verbally accepted DRG's offer but eventually reneged. In February, 2018, Allscripts acquired Practice Fusion and Langan stayed on as Practice Fusion's CEO. Thereafter, Allscripts formed a new business unit, Veradigm, with Lanagan as its CEO, that competes directly with DRG. Defendant alleges that Langan is using confidential information from DRG to compete unfairly against DRG.

In October, 2018, Stephanie Reisinger ("Reisinger"), who is a senior executive at Veradigm and who was previously the president of another company that DRG negotiated to acquire, conducted Allscripts' audit of DRG. Allscripts contends that it exercised its audit rights under the Agreement because it heard rumors that DRG was licensing patient-level data to third parties in violation of the Agreement.

On February 15, 2019, Allscripts sent a letter to DRG asserting that DRG was in material breach of the Agreement because neither the Agreement nor the Certification *93grant DRG the right to provide Allscripts' patient-level data to any DRG client. On February 22, DRG asked if Allscripts believes that DRG was violating HIPAA. On February 28, 2019, in response to DRG's disavowal of the accused conduct, Allscripts stated that the initial letter was in reference to a breach of contract, not HIPAA compliance.

In May, 2019, while the parties were mediating the dispute, Allscripts filed this action alleging 1) violation of the Defend Trade Secrets Act ("DTSA"), 2) trade secret misappropriation under Massachusetts law, 3) breach of contract, 4) unfair and deceptive practices under M.G.L. c. 93A and 5) fraud in the inducement. In response, defendant filed an answer and counterclaim (Docket No. 11) and a motion for temporary restraining order ("TRO") and/or a preliminary injunction (Docket No. 12).²

DRG agreed to withdraw its motion for a TRO because Allscripts extended the cure period but exhorts its motion for a preliminary injunction. Allscripts has filed interim and final oppositions (Docket Nos. 14 and 28) to defendant's motion and, subsequently, its own motion for preliminary injunction (Docket No. 25) and a motion to dismiss (Docket No. 34).

On June 27, 2019, the Court heard oral argument on the cross motions for preliminary injunction, after which it took the matter under advisement.

II. Legal Analysis

A. Legal Standard

In order to obtain a preliminary injunction, the moving party must establish 1) a reasonable likelihood of success on the merits, 2) the potential for irreparable harm if the injunction is withheld, 3) a favorable balance of hardships and 4) the effect on the public interest. Jean v. Mass. State Police, 492 F.3d 24, 26-27 (1st Cir. 2007). Out of these factors, the likelihood of success on the merits "normally weighs heaviest in the decisional scales." Coquico, Inc. v. Rodriguez-Miranda, 562 F.3d 62, 66 (1st Cir. 2009).

The Court may accept as true "well-pleaded allegations [in the complaint] and uncontroverted affidavits." Rohm & Haas Elec. Materials, LLC v. Elec. Circuits, 759 F. Supp. 2d 110, 114, n.2 (D. Mass. 2010) (quoting Elrod v. Burns, 427 U.S. 347, 350, n.1, 96 S.Ct. 2673, 49 L.Ed.2d 547 (1976) ). The Court may also rely on otherwise inadmissible evidence, including hearsay, in deciding a motion for preliminary injunction. See Asseo v. Pan Am. Grain Co., Inc., 805 F.2d 23, 26 (1st Cir. 1986). Ultimately, the issuance of preliminary injunctive relief is "an extraordinary and drastic remedy that is never awarded as of right." Peoples Fed. Sav. Bank v. People's United Bank, 672 F.3d 1, 8-9 (1st Cir. 2012) (quoting Voice of the Arab World, Inc. v. MDTV Med. News Now, Inc., 645 F.3d 26, 32 (1st Cir. 2011) ).

B. DRG's Motion for Preliminary Injunction

Defendant moves for declaratory judgment on the grounds that 1) it has not breached the Agreement, 2) Allscripts is not entitled to terminate the Agreement and 3) Allscripts is contractually bound to provide data pursuant to the Agreement.

At the motion hearing, the parties agreed on the record that Allscripts will not terminate the Agreement during the pendency of this litigation. As such, defendant *94faces no irreparable harm and this Court will therefore deny its motion for preliminary injunction as moot.

C. Allscripts' Motion for Preliminary Injunction

Allscripts, in turn, moves for a preliminary injunction 1) to enjoin DRG from providing patient-level data to DRG's clients, whether by itself or in combination with other data sources, including the transformed patient-level data and 2) to require DRG to recover all patient-level data that DRG wrongly sold or sublicensed, pursuant to the Defend Trade Secrets Act ("DTSA").

1. Likelihood of Success on the Merits

Plaintiff avers that it will likely succeed on the merits with respect to both its breach of contract and trade secret claims. This Court is more skeptical.

a. Breach of Contract

To succeed on the breach of contract claim under Delaware law, plaintiff must show: 1) a contractual obligation, 2) breach of that obligation by defendant and 3) resulting damage. Terumo Americas Holding, Inc. v. Tureski, 251 F. Supp. 3d 317, 323 (D. Mass. 2017) (citing RoadSafe Traffic Sys., Inc. v. Ameriseal Ne. Florida, Inc., No. 09-cv-148-SLR, 2011 WL 4543214, at *13 (D. Del. Sept. 29, 2011) ).

Here, the contractual dispute turns on whether 1) the Agreement incorporates the terms of the Certification and 2) defendant adequately transforms the patient-level data such that it is in compliance with the Agreement.

When an executed contract refers to another instrument and incorporates its conditions, the two will be interpreted together. Town of Cheswold v. Cent. Delaware Bus. Park, 188 A.3d 810, 818-19 (Del. 2018). Incorporation requires, however, an "explicit manifestation of intent" and is then subsumed for a specific purpose only. Id.

Although §§ 3.1 and 3.2 of the Agreement refer to the Certification (another instrument) and adopts its terms, defendant has made a credible argument that 1) the parties did not negotiate the terms of the Certification and 2) the alleged acceptance of the Certification via email was limited for the specific purpose of HIPAA compliance and was not intended to alter the restrictions of data disclosure under the Agreement. See id.

Accordingly, plaintiff has not met its burden of demonstrating likelihood of success on its breach of contract claim for the purpose of a preliminary injunction.

b. Trade Secret

The DTSA confers a federal cause of action on an owner of a trade secret that has been misappropriated, so long as the trade secret owner has 1) taken reasonable measures to keep such information secret and 2) the information derives independent economic value. See 18 U.S.C. §§ 1836(b)(1) and 1839(3). The DTSA then defines "misappropriation" as the

disclosure or use of a trade secret of another without express or implied consent by a person who ... at the time of disclosure or use, knew or had reason to know that the knowledge of the trade secret was ... acquired under circumstances giving rise to a duty to maintain the secrecy of the trade secret or limit the use of the trade secret.

Id. at § 1839(5)(B).

Massachusetts trade secret law is nearly equivalent to the DTSA in that it requires plaintiff to show that: 1) the information at issue constitutes a trade secret, 2) the plaintiff has taken reasonable steps *95to secure the confidentiality of the trade secret and 3) the defendant used improper means to obtain the trade secret.³ Optos, Inc. v. Topcon Medical Sys., Inc., 777 F. Supp. 2d 217, 238 (D. Mass. 2011).

Even if plaintiff has shown that its data constitutes a trade secret, it has not demonstrated a likelihood of success with respect to misappropriation under either federal or state law. Here, proof of misappropriation depends upon whether defendant used and/or disclosed the data without the permission of plaintiff, i.e., that it used and/or disclosed the Allscript data outside the terms of the Agreement. See 18 § 1839(5)(B) ; Optos, Inc., 777 F. Supp. 2d at 238.

Because there is a reasonable dispute as to whether the terms of the Certification are incorporated into the Agreement, plaintiff cannot show, at this stage of the litigation, that it will succeed on the merits with respect to its trade secret claim under either federal or state law.

Accordingly, plaintiff has not met its burden of proving a likelihood of success on the merits for any of its claims.

2. Irreparable Harm

The second factor to evaluate in considering a motion for a preliminary injunction is whether the moving party will "suffer irreparable harm in the absence of preliminary relief." Allstate Ins. Co. v. OneBeacon Am. Ins. Co., 989 F. Supp. 2d 143, 149 (D. Mass. 2013). While no "mechanical test" exists to calculate such harm, injunctive relief may be warranted if legal remedies are inadequate and plaintiff faces

a substantial injury that is not accurately measurable or adequately compensable by money damages.

Id.

Even if Allscripts had demonstrated a likelihood of success on the merits, it has not established that it will be irreparably harmed in the absence of injunctive relief. See Peoples Fed. Sav. Bank, 672 F.3d at 8-9 (1st Cir. 2012). Here, Allscripts concedes that it licenses its data to other customers who are then permitted to sublicense the data, subject to strict controls and a revenue-sharing model. Thus, unlike the breach of confidentiality concerns which motivated the cited Covidien decision, Allscripts' claim that its data is truly confidential is tenuous. Cf. Covidien LP v. Esch, 229 F. Supp. 3d 94, 99 (D. Mass. 2017).

Although reputational harm can constitute irreparable injuries (see Allstate Ins. Co. 989 F. Supp. 2d at 149 ), the fact that Allscripts licenses to other third parties the same data that is at issue here, leads this Court to conclude that Allstate's harm is both monetary and calculable. See TouchPoint Sols., Inc. v. Eastman Kodak Co., 345 F. Supp. 2d 23, 32 (D. Mass. 2004) ("TouchPoint was prepared to divulge its trade secrets to Kodak in exchange for license fees or a lump sum and therefore, cannot claim irreparable harm if precisely that arrangement prevails after trial.").

Thus, because plaintiff has not demonstrated harm that any prospective harm to it is not accurately measurable or adequately compensable, this Court finds that plaintiff has failed to satisfy the second prerequisite for injunctive relief.

*96ORDER

For the foregoing reasons, the cross motions for preliminary injunction (Docket Nos. 12 and 25) are DENIED .

So ordered.

1 This paragraph is found in § 22 of the Certification issued in 2014.

2 In its counterclaim, defendant seeks declaratory judgment that it did not breach the Agreement and claims unfair competition under Chapter 93A, misleading statements under the Lanham Act and breach of contract.

3 In 2018, Massachusetts passed the Uniform Trade Secrets Act, which does not apply if the subject violations occurred (or began) before October 1, 2018. Because the allegations of misappropriation here may have occurred before 2018, the Court relies on the predecessor law, M.G.L. c. 93, § 42 (2017).