United States District Court, M.D. Pennsylvania
JOHN E. JONES III, JUDGE.
pending before the Court is Defendant Christopher
LeBlanc's and Defendant Meridian Hospital Systems
Corporation's Amended Motion to Dismiss. (Doc. 21). The
matter has been fully briefed, (Docs. 22, 25, 26), and is
ripe for disposition. For the reasons that follow, the Motion
shall be granted.
accordance with the standard of review applicable to a motion
to dismiss, the following facts are derived from
Plaintiff's amended complaint and are viewed in the light
most favorable to it.
Post Acute Medical, LLC (“PAM”) is a healthcare
provider that owns and operates long-term care hospitals.
(Doc. 20 at ¶ 8). In 2013, PAM contracted with Defendant
Meridian Healthcare Intelligence (“Meridian”) for
Meridian to provide it with a user-friendly recordkeeping
system. (Id. at ¶ 11). Because this arrangement
necessarily required Meridian to access PAM's patient
data, Meridian agreed to comply with HIPAA requirements and
to safeguard PAM's confidential data. (Id. at
¶ 12-17). Meridian also agreed that all of the data it
would access or create belonged to PAM and that said data
would be returned to PAM upon request or upon termination of
the business relationship. (Id. at ¶ 20).
the next several years, PAM experienced issues with
Meridian's performance. (Id. at ¶¶
24-40). By 2018, PAM expressed its desire to develop and
execute its own platform. (Id. at ¶ 41-42). Not
wanting to lose PAM's business, however, Meridian offered
PAM an equity interest in the company in exchange for a
long-term contract. (Id. at ¶ 45). Nonetheless,
before that deal was finalized, Meridian and PAM agreed to a
one-year extension, memorialized in what the parties refer to
as the Business Associate Addendum (“BAA”).
(Id. at ¶ 46-49). The BAA was signed by PAM and
Meridian and was personally guaranteed by Defendant
Christopher LeBlanc (“LeBlanc”), Meridian's
majority owner. (Id. at ¶ 50). Relevant to the
instant motion, the BAA reiterated many of the limitations
outlined in the parties' initial contract, including
Meridian's obligation to safeguard PAM's data.
(Id. at ¶ 51-62).
February 28, 2019, PAM notified Meridian that it did not
intend to renew its agreement and made clear that Meridian
should return all of PAM's sensitive data at or before
the conclusion of the agreement's term. (Id. at
¶ 64). A series of failed negotiations to continue the
relationship ensued, to no avail. (Id. at
¶¶ 67- 71).
after the parties recognized that no further agreement would
be reached, Meridian sued PAM and several of its Texas
affiliates in Texas state court, alleging that PAM had tried
to undercut Meridian by hiring an independent firm to reverse
engineer Meridian's product. (Id. at
¶¶ 72-76). PAM and its Texas-based affiliates filed
a motion to dismiss, which the Texas court denied.
(Id. at ¶ 83). The matter is presently stayed
pending PAM's appeal of that order. (Id.).
the fact that Meridian was still contractually obligated to
provide its services to PAM, on May 8, 2019, Meridian shut
down PAM's access to its data, resulting in what PAM
characterizes as a massive disruption of service.
(Id. at ¶ 85-86). PAM demanded that Meridian
restore service-for which it was still paying-and that
Meridian immediately return PAM's stored data.
(Id. at ¶ 88). Meridian responded to PAM's
demand by insisting that it was not obligated to do so and
that, in fact, it had the right to destroy it. (Id.
at ¶ 90).
15, 2019, PAM sent a second demand, (id. at ¶
92), and, on May 24, 2019, PAM sent a third. (Id. at
95). On May 30, 2019, Meridian responded that it intended to
destroy PAM's data on several of its platforms.
(Id. at ¶ 97). Meridian demanded $8, 500.00
before it would return the data that remained on its other
platforms. (Id.). On June 5, 2019, PAM's counsel
verbally requested that LeBlanc specifically return the data.
(Id. at ¶ 102). On June 10, 2019, PAM again
demanded, in writing, the immediate return of its data.
(Id. at 103). In response, Meridian again threatened
to destroy it. (Id. at 104).
26, 2019, Meridian sought a temporary restraining order in
Texas state court against Key Management Group, Inc., a
co-defendant in Meridian's initial law suit.
(Id. at ¶ 107). During a hearing on the matter,
Meridian's counsel mentioned that LeBlanc had used its
servers to access PAM's sensitive data. (Id. at
¶¶ 108-112). Specifically, PAM contends, LeBlanc
had accessed the database to confirm the identity of an
individual that was being discussed at the hearing.
17, 2019, PAM notified Meridian and LeBlanc that it intended
to enforce provisions of the BAA which authorized PAM to
monitor Meridian's compliance therewith. (Id. at
¶ 116-120). Meridian did not respond to PAM's
request but instead asserted that the BAA was terminated and
that Meridian was under no obligation to comply with it
absent a court order. (Id. at ¶¶ 121-122).
2, 2019, PAM filed a three-count complaint against Meridian
and LeBlanc in this Court. (Doc. 1). The following day, PAM
filed a Motion for Temporary Restraining Order and a brief in
support thereof. (Docs. 4, 5). On July 9, 2019, the Court
held a telephonic status conference after which the parties
agreed to a stipulated Order mandating that Meridian and
LeBlanc retain all of PAM's data in its current form and
precluding Meridian and LeBlanc from destroying, deleting,
copying, using, mining, accessing, or distributing that data.
(Doc. 15). This stipulated Order denied PAM's motion for
temporary restraining order without prejudice.
(Id.). On July 25, 2019, Meridian and LeBlanc filed
a motion to dismiss and a brief in support thereof. (Docs.
August 8, 2019, PAM filed an amended complaint, the operative
complaint in this case. (Doc. 20). In Count I, PAM avers that
Meridian and LeBlanc violated the Defend Trade Secrets Act,
18 U.S.C. § 1836 et seq., by misappropriating
PAM's confidential customer and vendor data. (Doc. 20 at
¶ 133). In connection therewith, PAM specifically avers
that, this customer and vendor data “qualifies for
trade secret protection under the Defend Trade Secret Act,
” (id. at ¶ 139), and that “the
sole copy [of the data] resides on Meridian's
servers.” (Id. at ¶ 133). In Count II,
PAM contends that Meridian and LeBlanc violated the Computer
Fraud and Abuse Act, 18 U.S.C. § 1030 et seq.,
by exceeding the scope of their authorized access of
PAM's data when they accessed the database in open ...