Epic Punitive Damages Award Violates Due Process
Addressing the appropriateness of three separate damages awards totaling $520 million, the US Court of Appeals for the Seventh Circuit affirmed the lower court’s award of $140 million in compensatory damages, but found that $280 million in punitive damages does not meet the Due Process Clause of the Fourteenth Amendment. Epic Systems Corp. v. Tata Consultancy Services Ltd., Case Nos. 19-1528, 19-1613 (Aug. 20, 2020) (Kanne, J.).
Epic Systems is a leading developer of electronic health record software, which it licenses to top hospitals in the United States. Each customer-licensed module is specific to the customer’s needs and can be customized to ensure proper integration with the customer’s systems. In order to facilitate customization and updates to the software, Epic provides a web portal called “UserWeb,” which provides access to various resources including administrative guides, training materials, software updates and forums. UserWeb also contains confidential information about the health-record software itself, and as such, Epic restricts access to the UserWeb portal via credentialed logins. Those with access are also required to keep all UserWeb information confidential.
In 2003, Kaiser Permanente—the largest managed healthcare organization in the United States—obtained a license to use Epic’s software. Due to the size and complexity of integrating and maintaining the software, Kaiser hired Tata Consultancy Services (TCS) to help with updates and integration. TCS has its own electronic health record software, Med Mantra, which was known to Epic. Accordingly, Kaiser imposed numerous rules for TCS to follow in order to maintain the confidentiality of Epic’s software. TCS employees claimed that they could perform their required tasks faster if they had full access to UserWeb, which Kaiser repeatedly asked Epic to grant to TCS. Epic repeatedly declined this request.
Undeterred, TCS was able to find another way into Epic’s UserWeb. TCS hired an employee who had full access to UserWeb, which he gained from working for a different organization that also helped manage Kaiser’s integration of Epic’s software. While in his previous position, the employee had falsely claimed to be a Kaiser employee, thus allowing him full access to UserWeb. The employee shared these credentials with numerous TCS employees, who then had unfettered access to UserWeb, which contained confidential information relating to Epic’s healthcare software.
TCS used this information to generate a “comparative analysis” document, an 11-page spreadsheet that compares TCS’s software, Med Mantra, to Epic’s software. TCS wanted to sell Med Mantra directly to Kaiser, and the first step was to be sure that “key gaps” in the Med Mantra software were addressed before the attempted sale. After viewing a presentation that included the comparative analysis document, one TCS employee alerted Kaiser and Epic to the existence of the document and the fact that TCS had gained access to UserWeb.
A few months later, Epic filed suit against TCS, alleging that TCS used fraudulent means to access and steal Epic’s trade secrets and other confidential information. After a trial, the jury returned a verdict in favor of Epic on all claims. During the damages trial, Epic’s expert calculated the benefit received by TCS by determining the costs to Epic in developing the specific software modules described in the comparative analysis, less costs that did not benefit TCS and technology decay over time. TCS claimed that this methodology was flawed because it failed to account for reduced labor costs in India. The jury initially returned a $940 million damages award to Epic: $140 million in compensatory damages based on the use of the comparative analysis, $100 million in compensatory damages for “other uses” of Epic’s confidential information and $700 million in punitive damages. The district court reduced the punitive damages award to $280 million based on a Wisconsin statutory cap on punitive damages and struck the $100 million compensatory damages award. Both sides appealed.
On appeal, TCS argued that no reasonable jury could find that the $140 million compensatory damages award was warranted based on what TCS identified as a “stale marketing document” because the calculation was based on Epic’s costs rather than TCS’s benefit. The Seventh Circuit made it clear that “avoided research and development costs have been awarded when the defendants gained a significant head start in their operations,” as was the case here. Thus, the jury could have based its award on the benefit to TCS from avoided research and development costs, not the cost Epic incurred when creating the same information. Furthermore, Epic’s expert presented evidence that TCS received a $200 million benefit and the jury could have factored in the reduced labor costs in India—which TCS’s expert calculated at a 30% reduction—to arrive at the $140 million compensatory damages number. Thus, the Court affirmed the jury’s award of $140 million in compensatory damages for use of the comparative analysis document. Despite this award, the Court found that the $100 million compensatory damages award based on “other uses” was the result of speculative evidence and therefore affirmed the district court’s ruling striking this portion of the award.
TCS also contested the $280 million punitive damages award for various reasons, one being that the award was not in line with the Due Process Clause of the Fourteenth Amendment. The Court identified three “guideposts” for determining whether there is a due process violation with respect to punitive damages awards: (1) the reprehensibility of the defendant’s conduct, (2) the disparity between the actual harm suffered and the punitive award and (3) the difference between the award authorized by the jury and the penalties imposed in comparable cases. The Seventh Circuit explained that the first of these guideposts is the most important and contains five factors for consideration: Whether the harm caused was physical or economic, whether there was reckless disregard for the safety of others, whether the target was financially vulnerable, whether the conduct involved repeated actions or an isolated incident, and whether the harm was the result of malice, trickery or deceit. The Court found that while the first three factors favored TCS, the final two weighed in favor of Epic, as TCS’s conduct was a repeated course of wrongful acts and TCS had access to Epic’s confidential information for years without Epic’s knowledge. Thus, the first guidepost justifies a punitive damages award of some form.
The Seventh Circuit next analyzed the second and third guideposts: The disparity between actual harm suffered and the damages award and comparison to other cases. The Court found that determining the harm is difficult because the $140 million compensatory damages award is based on benefit to TCS, not harm to Epic. However, the Court noted that in these instances, “few awards exceeding a single-digit ratio between punitive damages and compensatory damages will satisfy due process.” Furthermore, when compensatory damages are substantial, as is the case here, “a lesser ratio, perhaps only equal to compensatory damages, can reach the outermost limit of the due process guarantee.” Thus, the Court limited the punitive damages to a 1:1 ratio with the $140 million compensatory damages award and remanded to the district court to amend the award accordingly.
Practice Note: With respect to the second guidepost, the Court noted that TCS made no argument that there should be another number, other than the $140 million in compensatory damages, in the denominator of the ratio equation. Thus the Court seemed to infer that parties should additionally consider introducing evidence of the actual harm to the plaintiff, even in unjust enrichment cases, in the event that punitive damages are ultimately awarded by the jury.