Allscripts Healthcare, LLC v. DR/Decision Res., LLC
Docket: Civil Action No. 19-11038-NMG
Court: District Court, District of Columbia; July 3, 2019; Federal District Court
Nathaniel M. Gorton, United States District Judge, presides over a contractual dispute between a healthcare company, Allscripts Healthcare, LLC (plaintiff), and a healthcare consulting company, DR/Decision Resources, LLC (defendant). Allscripts collects sensitive patient-level data and licenses it to DRG, which processes and sells this data to third parties. The plaintiff claims breaches including trade secret misappropriation, unfair practices under Massachusetts law, and fraud in the inducement. DRG counters with claims for declaratory judgment and breaches, including unfair competition and misleading statements under the Lanham Act.
The dispute centers on a Master Data License Services Agreement (the Agreement) established in June 2014, governed by Delaware law. Key terms of the Agreement allow either party to terminate for material breaches not cured within 30 days of notice. Specific provisions include:
- **Data Definition**: "Data" is defined as aggregated, de-identified patient data from Allscripts’ network, compliant with HIPAA regulations.
- **Licensing Terms**: Allscripts grants DRG a limited, revocable non-exclusive license to use the data for creating and distributing analyses and reports, provided the data is de-identified per a statistician's certification. DRG cannot sell or distribute the data to third parties outside the Agreement's terms.
- **Confidentiality**: DRG is required to maintain confidentiality for five years post-contract, with a perpetual obligation for Allscripts' data, trade secrets, and related information.
In 2014 and again in 2018, Allscripts obtained a statistician certification from Dr. Patrick Baier, ensuring that the data shared with DRG complies with the necessary de-identification standards. The court will reference the 2018 certification for relevant provisions in the analysis of the case.
The Certification stipulates that Decision Resources Group (DRG) may retain Allscripts data for internal use or create analyses and reports for distribution to clients, provided that no Allscripts data is disclosed to third parties. DRG and its clients may produce summary and aggregated works that avoid individual patient identification. DRG is prohibited from providing patient-level Allscripts data, either alone or with other data. In 2014, DRG's Executive Vice President confirmed compliance with the Certification, asserting that data provided to DRG was de-identified as per HIPAA regulations.
In 2017, DRG considered acquiring Practice Fusion, granting its CEO, Tom Langan, access to confidential information during due diligence. Langan accepted a position at DRG but later declined, eventually remaining CEO of Practice Fusion after its acquisition by Allscripts. Allscripts then established a competing unit, Veradigm, with Langan as CEO, leading to allegations that he is misappropriating DRG’s confidential information.
In October 2018, Allscripts conducted an audit of DRG, suspecting violations regarding patient-level data licensing. On February 15, 2019, Allscripts accused DRG of breaching the Agreement by providing patient-level data to clients, a claim DRG contested. Allscripts clarified that its allegations pertained to breach of contract, not HIPAA compliance. In May 2019, while mediating the dispute, Allscripts initiated legal action against DRG for violations including the Defend Trade Secrets Act, trade secret misappropriation, breach of contract, unfair practices, and fraud in the inducement. DRG responded with an answer and counterclaim, seeking a temporary restraining order (TRO) and/or a preliminary injunction. DRG later withdrew its TRO motion, and Allscripts filed motions for a preliminary injunction and to dismiss. The Court held oral arguments on the preliminary injunction motions on June 27, 2019, and took the matter under advisement.
To obtain a preliminary injunction, the moving party must demonstrate: 1) a reasonable likelihood of success on the merits, 2) potential for irreparable harm if the injunction is denied, 3) a favorable balance of hardships, and 4) the effect on public interest. The likelihood of success on the merits is the most critical factor. The Court may consider well-pleaded allegations, uncontroverted affidavits, and even otherwise inadmissible evidence in its decision. Issuing a preliminary injunction is a drastic remedy not granted as a right.
In this case, the defendant seeks declaratory judgment claiming it has not breached the Agreement, that Allscripts cannot terminate it, and that Allscripts is bound to provide data under the Agreement. During the hearing, both parties agreed that Allscripts would not terminate the Agreement while litigation is ongoing, resulting in the Court denying the defendant's motion for a preliminary injunction as moot.
Allscripts moves for a preliminary injunction to prevent DRG from providing patient-level data to its clients and to require DRG to recover data that it improperly sold or sublicensed under the Defend Trade Secrets Act (DTSA). Allscripts argues it is likely to succeed on both its breach of contract and trade secret claims, although the Court expresses skepticism.
For the breach of contract claim under Delaware law, Allscripts must prove a contractual obligation, a breach by the defendant, and resulting damages. The dispute revolves around whether the Agreement incorporates terms from the Certification and whether DRG adequately transformed the patient-level data to comply with the Agreement. The incorporation of another instrument requires an explicit intent and is limited to specific purposes. Sections 3.1 and 3.2 of the Agreement reference the Certification, but DRG argues that the parties did not negotiate its terms and that any acceptance via email was solely for HIPAA compliance and did not intend to modify data disclosure restrictions under the Agreement.
The plaintiff failed to demonstrate a likelihood of success on its breach of contract claim, which is necessary for obtaining a preliminary injunction. Under the Defend Trade Secrets Act (DTSA), a trade secret owner must show that the information is a trade secret, has independent economic value, and that reasonable measures have been taken to keep it secret. Misappropriation is defined as unauthorized use or disclosure of a trade secret by someone who knows or should know they are under a duty to maintain its secrecy. Massachusetts law mirrors the DTSA, requiring proof that the information constitutes a trade secret, reasonable efforts were made to secure its confidentiality, and that the defendant used improper means to obtain it.
Despite potentially qualifying as a trade secret, the plaintiff has not established a likelihood of success regarding misappropriation, as there is a dispute about the incorporation of Certification terms into the Agreement. The plaintiff also failed to prove irreparable harm necessary for injunctive relief. Although injunctive relief may be warranted when legal remedies are inadequate, the plaintiff's claims are weakened by its admission that it licenses the same data to other customers. This undermines the assertion that the data is truly confidential and indicates that any harm is calculable and monetary.
Consequently, the court denied the cross motions for preliminary injunction due to the plaintiff's inability to meet the necessary legal standards. Additionally, the defendant's counterclaim includes a request for a declaratory judgment regarding the breach of the Agreement, along with claims of unfair competition and misleading statements. The court notes that the Uniform Trade Secrets Act does not apply to actions that began before October 1, 2018, leading to reliance on the prior law regarding trade secrets in Massachusetts.
