- A complaint filed in Wisconsin district court pits EHR vendor Epic Systems against IT consultancy Tata Consultancy Services for the alleged theft of proprietary information used to advance a competing health IT product.
The plaintiff Epic alleges that a TCS employee who worked as a consultant as Kaiser Foundation Hospitals abused his access to Epic UserWeb to download at least 6477 documents, 1687 unique files, from an IP address outside the United States.
"The vast majority of the stolen data was not required for TCS to provide consulting services to Epic’s customer," the complaint states. "To the contrary, much of the data wrongfully taken from Epic, if used improperly, would provide an unfair development and design advantage for TCS’s competing medical management software called Med Mantra."
Epic UserWeb is the EHR company's portal for supporting Epic implementation, integration, and testing at customer facilities whose use is restricted to authorized individuals with appropriate credentials only.
Back in 2005, court documents allege that TCS employees registered with Epic as Kaiser employees without their parent company first entering into a standard consultant agreement with Epic, which eventually was reach in August of that year.
Epic, however, was tipped off by an informant that information from UserWeb was going toward the development of TCS's rival software:
The informant further described that an access credential for the UserWeb has been used in India to access Epic’s UserWeb without authorization to download information from Epic’s UserWeb, and that the purpose of the misconduct was to use information and documents related to Epic’s leading software to benefit TCS’s creation of and improvements to TCS’s competing Med Mantra product.
A review of UserWeb activity by TCS employees eventually revealed the downloading of files and documents from an IP address in India " during the time when the employee resided in Oregon" working as a Kaiser consultant.
Details about the stolen documents are scarce:
[T]he documents downloaded by TCS personnel included, among other things, documents detailing over twenty years of development of Epic’s proprietary software and database systems, including programming rules and processes developed to produce optimal functionality of Epic’s software; documents that decode the operation of its source code that would otherwise be unusable to those outside of Epic; and information regarding Epic’s system capabilities and functions, including procedures for transferring data between customer environments, rules related to information collection, methods for limiting access to patient records, and processes for converting customer data, all of which reveal decades of work with its customers to determine the functionality desirable or required for Epic to provide successful products to those customers.
The complaint alleges that the downloaded Epic documents were not required for the TCS employee to perform his role as Kaiser consultant.
Further clouding the matter was the use of Kaiser credentials by the TC employee to gain access to UserWeb rather than disclosing his role as consultant.
"The TCS employee appears to have intentionally misrepresented himself as a Kaiser employee when he knew that was a false representation for the purpose of gaining customer-level access authorization to Epic’s UserWeb," the complaint reads.
Although Epic terminated the TCS employee's access to UserWeb, the latter attempted to reactivate his account indicating two different titles with Kaiser and TCS.
According to the court documents, Epic received an admission of wrongdoing that a TCS employee provided Epic access credentials to other TCS staff.
The complaint does not end there. The EHR vendor also alleges to have discovered another TCS employee to have downloaded Epic documents illegally back in 2014.
The complaints comprises a total of twelve actions, ranging from computer fraud and abuse, misrepresentation, and breach of contract.
Epic is seeking a trial by jury.