throbber
Case 8:21-cv-00678-TDC Document 1 Filed 03/17/21 Page 1 of 23
`
`IN THE UNITED STATES DISTRICT COURT
`FOR THE DISTRICT OF MARYLAND
`
`
`
`Civil Action No. ___________
`
`COMPLAINT
`
`JURY TRIAL DEMANDED
`
`
`
`
`
`
`PHREESIA, INC.,
`
`
`
`
`
`
`
`
`Plaintiff,
`
`v.
`
`
`CERTIFY GLOBAL, INC. D/B/A CERTIFY AND
`CERTIFY HEALTH, ROLLING ROCK
`SOFTWARE PVT LTD. and TIMOTHY
`GOODWIN,
`
`
`
`
`
`
`
`
`
`
`
`Defendants.
`
`
`
`Plaintiff Phreesia, Inc. (“Phreesia” or “Plaintiff”), by and through its attorneys, for its
`
`Complaint against Defendants Certify Global, Inc. d/b/a Certify and Certify Health (“Certify”),
`
`Rolling Rock Software Pvt Ltd. (“Rolling Rock Software”), and Timothy Goodwin, Vice President
`
`of Certify (collectively “Defendants”), alleges as follows:
`
`PRELIMINARY STATEMENT
`
`
`
`Defendants have engaged in a conspiracy to misappropriate Phreesia’s trade secrets
`
`and confidential information in order to create an almost identical version of Phreesia’s industry-
`
`leading software, and to unlawfully interfere with Phreesia’s customer relationships. Defendants’
`
`actions involved a concerted effort over the span of years to steal Phreesia’s trade secrets and
`
`confidential information in order to create a service to compete with Phreesia’s industry-leading
`
`software. However, due to Phreesia’s security and compliance controls Phreesia was able to
`
`reconstruct Defendants’ unauthorized incursions and establish how and when Defendants’
`
`
`
`
`1
`
`

`

`Case 8:21-cv-00678-TDC Document 1 Filed 03/17/21 Page 2 of 23
`
`unlawful actions took place.
`
`
`
`Defendants worked to subvert Phreesia’s relationships with an existing client
`
`partner to create unauthorized login accounts. As a result of these efforts, Defendants were able
`
`to repeatedly access Phreesia’s confidential software system and to use information gained by that
`
`access to misappropriate Phreesia’s trade secrets and confidential information. Defendants then
`
`took that information and incorporated it into their own systems to unlawfully compete against
`
`Phreesia.
`
`
`
`Defendants’ ongoing actions are unjustly enriching Defendants and causing
`
`significant harm to Phreesia. As a result of Defendants’ wrongful conduct, Phreesia is entitled to
`
`the award of substantial damages to be determined at trial, including all revenues derived by
`
`Defendants from the sale of products that use or incorporate Phreesia’s trade secrets and/or
`
`confidential information; an additional award of lost profits to Phreesia; a declaration that Certify’s
`
`products have unlawfully been developed using Phreesia’s intellectual property; an order enjoining
`
`Defendants from offering any product or service that incorporates trade secrets or confidential
`
`information misappropriated from Phreesia, and from accessing Phreesia software, data and
`
`information; and such additional declaratory and injunctive relief as the Court deems appropriate.
`
`PARTIES
`
`
`
`Plaintiff Phreesia is a Delaware corporation with its headquarters located at 434
`
`Fayetteville Street, Suite 1400, Raleigh, NC 27601.
`
`
`
`On information and belief, Defendant Certify is a Delaware corporation with its
`
`headquarters located at 9801 Washingtonian Blvd., Ste. 200, Gaithersburg, MD 20878.
`
`
`
`On information and belief, Defendant Rolling Rock Software is an Indian
`
`corporation with its U.S. headquarters located at 9801 Washingtonian Blvd., Ste. 200,
`
`
`
`
`2
`
`

`

`Case 8:21-cv-00678-TDC Document 1 Filed 03/17/21 Page 3 of 23
`
`Gaithersburg, MD 20878.
`
`
`
`On information and belief, Defendant Rolling Rock Software performs a
`
`substantial portion of the software development activities for Defendant Certify.
`
`
`
`On information and belief, in addition to sharing the same suite at the same address
`
`for their respective U.S. headquarters, Defendants Certify and Rolling Rock Software are also
`
`operated by the same officers. For example, the two companies share the same Chief Executive
`
`Officer (Marc Potash), the same Chief Technical Officer (Preetham Gowda), the same Chief
`
`Operating Officer (Jacob Saji), and the same Vice President of Product Development (Preet
`
`Mann). On information and belief, Defendants Certify and Rolling Rock Software also have
`
`common ownership.
`
`
`
`On information and belief, Defendant Timothy Goodwin is an individual who
`
`resides in Maryland and serves as Vice President of Defendant Certify.
`
`JURISDICTION AND VENUE
`
`
`
`This Court has jurisdiction over this action pursuant to 28 U.S.C. § 1331, because
`
`Plaintiff’s claims against all Defendants for violations of the Defend Trade Secrets Act of 2016,
`
`18 U.S.C. § 1836 et seq., and the Computer Fraud and Abuse Act, 18 U.S.C. § 1030, raise federal
`
`questions.
`
`
`
`Plaintiff’s remaining claims arising under state law fall within this Court’s
`
`supplemental jurisdiction pursuant to 28 U.S.C. § 1367(a) because they are so related to the federal
`
`claims that they form part of the same case or controversy.
`
`
`
`This Court has Personal jurisdiction over Defendant Certify because its
`
`headquarters are in Gaithersburg, Maryland, and it therefore resides within this District.
`
`
`
`Upon information and belief, Defendant Certify has engaged in and maintained
`
`
`
`
`3
`
`

`

`Case 8:21-cv-00678-TDC Document 1 Filed 03/17/21 Page 4 of 23
`
`systematic and continuous business contacts within the state of Maryland, and has purposefully
`
`availed itself of the benefits and protections of the laws of Maryland rendering it at home in
`
`Maryland.
`
`
`
`This Court has Personal jurisdiction over Defendant Rolling Rock Software
`
`because it maintains a principal place of business in Gaithersburg, Maryland, within this District.
`
`
`
` Upon information and belief, Defendant Rolling Rock Software has engaged in
`
`and maintained systematic and continuous business contacts within the state of Maryland, and has
`
`purposefully availed itself of the benefits and protections of the laws of Maryland rendering it at
`
`home in Maryland.
`
`
`
`Upon information and belief, Defendant Rolling Rock Software engaged in, and
`
`collaborated and/or acted in concert with Defendant Certify to engage in wrongful acts within
`
`Maryland in violation of Maryland law.
`
`
`
`Alternatively, the Court has personal jurisdiction over Defendant Rolling Rock
`
`Software under Federal Rule of Civil Procedure 4(k)(2). Plaintiffs’ claims arise under federal law,
`
`and Defendant Rolling Rock Software is a foreign defendant not subject to general personal
`
`jurisdiction in the courts of any state; Defendant Rolling Rock Software has sufficient contacts
`
`with the United States as a whole, including, but not limited to, purposefully placing products
`
`incorporating misappropriated trade secrets in U.S. commerce.
`
`
`
`This Court has Personal jurisdiction over Defendant Timothy Goodwin because he
`
`resides within this District.
`
`
`
`Venue in this district is proper under 28 U.S.C. § 1391(b)(2) because a substantial
`
`part of the events or omissions giving rise to the claims at issue occurred within this district. In
`
`the alternative, venue in this district is proper under 28 U.S.C. § 1391(b)(3) because this Court has
`
`
`
`
`4
`
`

`

`Case 8:21-cv-00678-TDC Document 1 Filed 03/17/21 Page 5 of 23
`
`Personal jurisdiction over at least one defendant.
`
`FACTUAL ALLEGATIONS
`
`A.
`
`Phreesia’s Business and its Trade Secrets and Confidential Information
`
`
`
`Founded in 2005, Phreesia has spent more than fifteen years helping medical groups
`
`and health systems improve their patient intake processes through the use of innovative
`
`technologies.
`
`
`
`Phreesia is engaged in the nationwide business of providing point-of-service
`
`solutions for healthcare practices that, among other things: (a) digitize intake (e.g., by permitting
`
`patients to fill out information forms and sign consent forms through a mobile device, on a tablet,
`
`or at a kiosk); (b) automate eligibility and benefits verification, and calculate patient responsibility
`
`(e.g., copays); and (c) provide a secure payments platform. Phreesia’s software drives efficiency
`
`for healthcare practices and provides patients with a seamless and automated experience.
`
`
`
`Phreesia provides its customized patient intake services through its proprietary
`
`software-as-a-service (SaaS) applications. Working through mobile applications and dedicated
`
`wireless PhreesiaPad tablets and kiosks, Phreesia’s specialized intake tools help partners
`
`streamline their operations, while giving patients safe, contactless options.
`
`
`
`In order to develop its software, Phreesia engaged in extensive research and
`
`development and product testing and solicited wide-ranging and confidential customer feedback
`
`and assessments. Phreesia has invested more than $92 million during the last five years alone to
`
`develop, implement, and update its proprietary software services.
`
`
`
`Due to its efforts, Phreesia has established a high degree of goodwill in the quality
`
`and utility of its software. For example, Phreesia has been named the Best in KLAS for Patient
`
`Intake Management by the research and insights firm KLAS in its annual reports in both 2019 and
`
`
`
`
`5
`
`

`

`Case 8:21-cv-00678-TDC Document 1 Filed 03/17/21 Page 6 of 23
`
`2020. The Best in KLAS designation is reserved for leading software and services vendors that
`
`have the broadest operational and clinical impact on healthcare organizations. Phreesia earned the
`
`overall top score based on provider criteria across a range of areas, including culture, loyalty,
`
`operations, product, relationship and value.
`
`
`
`The software code, architecture, format, structure, organization, workflows, back-
`
`end logic, functionality, operation, and interface of the Phreesia System are trade secrets that derive
`
`value from the fact that they are not publicly known.
`
`
`
`Accordingly, Phreesia takes measures to keep its trade secrets, data, and
`
`information confidential and to prevent disclosure without imposing confidentiality restrictions on
`
`the recipient. Phreesia’s efforts include, but are not limited to: execution of confidentiality
`
`agreements that require counter-parties not to disclose or permit third-party access to Phreesia
`
`software or information, or to use that information other than for a permitted purpose; limiting
`
`circulation of trade secrets within Phreesia and to third parties; and protecting, restricting and
`
`controlling access to Phreesia’s trade secrets and confidential information with physical and
`
`electronic means including encryption, password protection, and other security measures.
`
`
`
`As the provider of SaaS offerings, Phreesia does not distribute its software to
`
`existing or potential customers. Instead, Phreesia provides access to its software services on its
`
`own secured servers (the “Phreesia System”).
`
`
`
`Phreesia’s software offerings use an innovative back-end functionality and an easy-
`
`to-navigate user interface. Phreesia’s proprietary functionality and user interface are competitive
`
`differentiators in the market for Phreesia’s services and help drive sales for Phreesia’s services.
`
`
`
`Phreesia does not publish details of its software platform publicly. This is
`
`especially true of the Phreesia “Staff Interface,” which can only be accessed by authorized clients
`
`
`
`
`6
`
`

`

`Case 8:21-cv-00678-TDC Document 1 Filed 03/17/21 Page 7 of 23
`
`behind a password-protected login.
`
`
`
`Phreesia also maintains Phreesia University – a cache of Phreesia’s online training
`
`courses, videos, links to help pages, quizzes, and other documents – on the Phreesia System.
`
`Phreesia University is used to host Phreesia’s training content and to deliver that content to
`
`Phreesia’s authorized users at medical practices.
`
`
`
`In order to access the materials stored within Phreesia University, a user must be
`
`authorized and assigned access to a specially selected curriculum.
`
`
`
`To gain access to even a demonstration of Phreesia’s software, Phreesia researches
`
`potential clients to ensure that they will not misappropriate Phreesia’s confidential know-how.
`
`
`
`Before Phreesia provides a demonstration to larger partners such as health systems,
`
`the health system is required to sign a non-disclosure agreement (NDA).
`
` When Phreesia performs a demonstration of its software to a potential client, that
`
`potential client is shown a limited version of the Phreesia software and does not receive access to
`
`the Phreesia System.
`
`
`
`In order to receive access to the Phreesia System, clients must execute a software
`
`license agreement – the Master Services Agreement – that includes provisions that require the
`
`client to maintain confidentiality of the system:
`
`The receiving Party shall hold in confidence, and shall not disclose
`(or permit or suffer its personnel to disclose) any Confidential
`Information to any person or entity except to a director, officer,
`employee,
`outside
`consultant,
`or
`advisor
`(collectively
`“Representatives”) who have a need to know such Confidential
`Information in the course of the performance of their duties for the
`receiving Party and who are bound by a duty of confidentiality no
`less protective of the disclosing Party’s Confidential Information
`than this Agreement. The receiving Party and its Representatives
`shall use such Confidential Information only for the purpose for
`which it was disclosed and shall not use or exploit such Confidential
`Information for its own benefit or the benefit of another without the
`
`
`
`
`7
`
`

`

`Case 8:21-cv-00678-TDC Document 1 Filed 03/17/21 Page 8 of 23
`
`prior written consent of the disclosing Party. Each Party accepts
`responsibility for the actions of its Representatives and shall protect
`the other Party’s Confidential Information in the same manner as it
`protects its own valuable confidential information, but in no event
`shall less than reasonable care be used.
`
`
`* * *
`
`
`Customer further agrees that it shall not use the Products for the
`purposes of conducting comparative analysis, evaluations or product
`benchmarks with respect to the Products and will not publicly post
`any analysis or reviews of the Products without Phreesia’s prior
`written approval.
`
`
`Master Services Agreement § 4.1.
`
`
`
`
`The Master Services Agreement also requires Phreesia’s clients to refrain from, and
`
`to prevent third parties from reverse engineering, decompiling, disassembling, or otherwise
`
`attempting to derive the source code form or structure of the Phreesia System in order to build a
`
`competitive product or service, or to copy any ideas, features, functions or graphics of the Phreesia
`
`System:
`
`The Customer is responsible for (i) all activities conducted under its
`User logins and for its Users’ compliance with this Agreement, (ii)
`compliance with all applicable laws and regulations that govern its
`business, and (iii) obtaining all authorization’s, consents and
`licenses necessary to use Customer Data. Unauthorized use, resale
`or commercial exploitation of the Products in any way is expressly
`prohibited. Without Phreesia’s express prior written consent in each
`instance, the Customer shall not (and shall not allow any third party
`to): reverse engineer, decompile, disassemble, or otherwise attempt
`to derive the source code form or structure of the Products or access
`the Products in order to build a competitive product or service or
`copy any ideas, features, functions or graphics of the Products.
`Except as expressly permitted in this Agreement, the Customer shall
`not copy, license, sell, transfer, make available, lease, time-share or
`distribute the Products to any third party.
`
`
`Master Services Agreement § 8.3.
`
`
`
`
`To be able to access the Phreesia System and thus to access Phreesia’s proprietary
`
`
`
`
`8
`
`

`

`Case 8:21-cv-00678-TDC Document 1 Filed 03/17/21 Page 9 of 23
`
`software, each member of a partner’s staff must enter a unique username and password.
`
`
`
`Phreesia logs the username, passwords, and IP addresses of each individual who
`
`accesses the Phreesia System, as well as information regarding the date and time such access
`
`occurred.
`
`
`
`Users who are authorized to access the Phreesia System services not only gain
`
`access to the user interface, but can also gain confidential information regarding the functionality
`
`of Phreesia’s software – including the proprietary workflow of the Phreesia user interface which
`
`defines how the software responds to user queries or answers – as well as the proprietary guidance
`
`and training materials contained in Phreesia University.
`
`B.
`
`Defendants’ Conspiracy to Misappropriate Phreesia Trade Secrets and Confidential
`Information
`
`
`Defendant Certify purports to provide patient engagement and authentication
`
`
`
`services via SaaS applications.
`
`
`
`As part of its business, Certify offers patient intake software services that compete
`
`with those offered by Phreesia.
`
`
`
`On information and belief, Rolling Rock Software designs, creates, and maintains
`
`Certify’s software services.
`
`
`
`On information and belief, Certify conspired with an existing Phreesia client (the
`
`“Phreesia Client”) to violate that partner’s obligations under the Master Services Agreement and
`
`create an unauthorized login account so that Defendants could access the Phreesia System without
`
`Phreesia’s authorization.
`
`
`
`Phreesia’s user logs show that the Phreesia Client created a login account for
`
`Certify on or around April 18, 2018 under the name of Certify employee Erika Blair using the
`
`following Certify email address: erika.blair@certifyglobal.com. Additionally, the IP address
`
`
`
`
`9
`
`

`

`Case 8:21-cv-00678-TDC Document 1 Filed 03/17/21 Page 10 of 23
`
`associated with this fraudulent user account is associated with Certify.
`
`
`
`On information and belief, Erika Blair is an individual who was employed by
`
`Certify as an Information Technology Management Consultant during a period that included April
`
`2018.
`
`
`
`Three minutes later, on the same day (April 18, 2018), the username was changed
`
`to
`
`Timothy Goodwin,
`
`in
`
`connection with
`
`the
`
`associated
`
`email
`
`address
`
`timothy.goodwin@certifyglobal.com.
`
`
`
`On information and belief, this username and email address refers to Timothy
`
`Goodwin, Vice President and Director of Business Development at Certify.
`
`
`
`On information and belief, Defendant Goodwin has been employed by Certify since
`
`July 2017.
`
`
`
`On information and belief, Defendants subsequently renamed the unauthorized
`
`Timothy Goodwin account to “Alice Test,” in an attempt to obscure their identities and
`
`involvement in the unauthorized access to the Phreesia System.
`
`
`
` Defendants used the Timothy Goodwin/“Alice Test” account to analyze and
`
`interact with the Phreesia system in an unauthorized manner more than 230 times during 2019
`
`alone. Of these login events, at least 130 were made from the IP address associated with Certify’s
`
`Maryland headquarters, which is also the U.S. headquarters of Rolling Rock Software.
`
`
`
`On
`
`information and belief 19 further
`
`login events using
`
`the Timothy
`
`Goodwin/“Alice Test” account arose from an IP address associated with Rolling Rock Software’s
`
`offices in India.
`
`
`
`During 2019, Defendants used the Timothy Goodwin/“Alice Test” account, among
`
`other things, to log into the Phreesia System to view the operation of the system, create patient
`
`
`
`
`10
`
`

`

`Case 8:21-cv-00678-TDC Document 1 Filed 03/17/21 Page 11 of 23
`
`records, delete patient records, and discover and reverse-engineer the functionality, structure,
`
`architecture, and workflow of the Phreesia software, and to access the proprietary training files
`
`located within Phreesia University.
`
`
`
`On information and belief, Defendants have also used their unauthorized access to
`
`the Phreesia System to export and send information to employees of the Defendants.
`
`
`
`On information and belief, Defendant Timothy Goodwin used his and Certify’s
`
`unauthorized access to the Phreesia system to send himself multiple emails with information from
`
`the Phreesia system to his email address: timothy.goodwin@certifyglobal.com.
`
`
`
`On information and belief, an employee of Defendant Certify, Darshan Patel, used
`
`Certify’s unauthorized access to send an email with information from the Phreesia system to his
`
`email address: darshan.patel@certifyglobal.com. On information and belief, Patel is employed by
`
`Defendant Certify as an IT Project and Program Manager.
`
`
`
`On information and belief, an employee of Defendant Certify, Shreyas Swami, used
`
`Certify’s unauthorized access to send multiple emails with information from the Phreesia system
`
`to his email address: shreyas.swamy@certifyglobal.com. On information and belief, Swamy is
`
`employed by Certify as a Business Analyst.
`
`
`
`On information and belief, Defendants used fraudulent accounts to access the
`
`Phreesia System to gather Phreesia’s trade secrets and confidential information, to reverse engineer
`
`the architecture, format, structure, organization, functionality, and workflows, and discover,
`
`analyze, and copy the “back-end” of the Phreesia System and its underlying software code, and to
`
`view and copy the proprietary user interface of the Phreesia System.
`
`
`
`A review of the Phreesia user logs show that Defendants also accessed proprietary
`
`training materials stored on the Phreesia System. In or around April 2018 Defendants accessed
`
`
`
`
`11
`
`

`

`Case 8:21-cv-00678-TDC Document 1 Filed 03/17/21 Page 12 of 23
`
`Phreesia University, gaining full access to Phreesia’s confidential training videos and documents.
`
`This material contains confidential information regarding both the functionality of the Phreesia
`
`System as well as information regarding Phreesia’s sales strategies and contacts. Defendants
`
`accessed materials from Phreesia University using the Timothy Goodwin/“Alice Test” account
`
`from in or around April 2018 to April 2019.
`
`
`
`On information and belief, Rolling Rock used the unauthorized logins it procured
`
`through its conspiracy with the other Defendants to review and copy Phreesia’s proprietary
`
`software at the direction of Certify.
`
`
`
`On information and belief, Defendants’ conspiracy with the Phreesia Client to gain
`
`unauthorized access was in part an attempt to disguise Defendants’ incursion of the Phreesia
`
`System.
`
`
`
`
`
`Phreesia first learned of Certify’s unauthorized access in or around January 2021.
`
`Certify has published images of its most recent user interface for its patient
`
`management and intake software. A side-by-side comparison of this Certify user interface and
`
`Phreesia’s proprietary interface shows that they are almost identical in look and function.
`
`
`
`The Certify software even includes the same coding idiosyncrasies and
`
`workarounds for features unique to the Phreesia System that could not plausibly have occurred
`
`without direct access and copying of the confidential functionality and interface of the Phreesia
`
`System.
`
`
`
`The similarities apparent even from the face of Certify’s published user interface
`
`and Phreesia’s proprietary interfaces show that the Certify system also copied the proprietary
`
`architecture, format, structure, organization, workflows, and logic of the software code underlying
`
`the Phreesia System.
`
`
`
`
`12
`
`

`

`Case 8:21-cv-00678-TDC Document 1 Filed 03/17/21 Page 13 of 23
`
`
`
`The extreme similarity between the Phreesia and Certify software could not have
`
`arisen but for the Defendants’ extensive unauthorized access to and reverse engineering of the
`
`software code underlying the Phreesia System.
`
`COUNT I
`Computer Fraud and Abuse Act, 18 U.S.C. § 1030
`(All Defendants)
`
`
`
`Phreesia incorporates by reference the allegations contained in the preceding
`
`paragraphs of this Complaint, as if fully set forth herein.
`
`
`
`Defendants accessed Phreesia’s password-protected proprietary computers and
`
`systems without authorization or in excess of authorization that had been provided.
`
`
`
`
`
`Defendants’ access of the Phreesia platform was thus without proper authority.
`
`Defendants knowingly and with intent to do so, obtained information from at least
`
`one protected computer as that term is used in 18 U.S.C. § 1030(e)(2)(B).
`
`
`
`
`
`This access exceeded Defendants’ authorization and/or was without authorization.
`
`Defendants’ intentional access of at least one protected computer without
`
`authorization, as that term is used in 18 U.S.C. § 1030(e)(2)(B), caused damage to Phreesia in an
`
`amount of $5,000 or more in violation of 18 U.S.C. § 1030(a)(5)(A), in amounts to be proven at
`
`trial.
`
`COUNT II
`Conspiracy - Computer Fraud and Abuse Act, 18 U.S.C. § 1030
`(All Defendants)
`
`
`
`Phreesia repeats and incorporates the allegations set forth in the preceding
`
`paragraphs, as though fully set forth herein.
`
`
`
`On information and belief, the Defendants, collectively constituting two or more
`
`parties, agreed to enter into a conspiracy to access Phreesia’s platform without proper authority.
`
`
`
`On information and belief, each of the Defendants, in their individual capacity
`
`
`
`
`13
`
`

`

`Case 8:21-cv-00678-TDC Document 1 Filed 03/17/21 Page 14 of 23
`
`and/or or acting as personnel for and on behalf of their employers, used improper means to access
`
`the Phreesia System without authorization, including by conspiring with the Phreesia Client to
`
`gain unauthorized access to Phreesia’s proprietary information, and by engaging in unauthorized
`
`access of the Phreesia System.
`
`
`
`Specifically, on information and belief, each of the following personnel engaged in
`
`the overt act of unauthorized access of the Phreesia System, Erika Blair (Certify), Timothy
`
`Goodwin (Certify), Darshan Patel (Certify), and Shreyas Swamy (Certify). Additionally, on
`
`information and belief, one or more officers or employees of Rolling Rock Software engaged in
`
`repeated unauthorized access of the Phreesia System from Rolling Rock Software’s India location
`
`and from Rolling Rock Software’s Gaithersburg, Maryland location.
`
`
`
`On information and belief, each party intentionally participated in the unauthorized
`
`access of the protected computers hosting the Phreesia System for the purpose of copying the
`
`Phreesia System to create a competing software system and/or to disclose Phreesia’s trade secrets
`
`and confidential information to third parties.
`
`
`
`Defendants’ intentional access of at least one protected computer without
`
`authorization, as that term is used in 18 U.S.C. § 1030(e)(2)(B), caused damage to Phreesia in an
`
`amount of $5,000 or more in violation of 18 U.S.C. § 1030(a)(5)(A), in amounts to be proven at
`
`trial.
`
`COUNT III
`Misappropriation of Trade Secrets in Violation of 18 U.S. Code § 1836 et seq.
`(All Defendants)
`
`
`
`Phreesia repeats and incorporates the allegations set forth in the preceding
`
`paragraphs, as though fully set forth herein.
`
`
`
`Phreesia developed its trade secrets and confidential and proprietary information,
`
`including the software code, architecture, format, structure, organization, workflows, back-end
`14
`
`
`
`
`

`

`Case 8:21-cv-00678-TDC Document 1 Filed 03/17/21 Page 15 of 23
`
`logic, functionality, operation, and interface of the Phreesia System through a significant
`
`investment of time, effort, and expense.
`
`
`
`Phreesia has invested more than $92 million during the last five years alone to
`
`develop, implement, and update the Phreesia System.
`
`
`
`The software code, architecture, format, structure, organization, workflows, back-
`
`end logic, functionality, operation, and interface of the Phreesia System derive value from their
`
`secrecy and the fact that they are not openly known in the market.
`
`
`
`Phreesia has taken and continues to take reasonable steps to keep its trade secrets,
`
`data, and information confidential and to prevent disclosure without imposing confidentiality
`
`restrictions on the recipient. Phreesia’s efforts include, but are not limited to: execution of
`
`confidentiality agreements that require counter-parties not to disclose or permit third-party access
`
`to Phreesia software or information, or to use that information other than for a permitted purpose;
`
`limiting circulation of trade secrets within Phreesia and to third parties; and protecting, restricting
`
`and controlling access to Phreesia’s trade secrets and confidential information with physical and
`
`electronic means including encryption, password protection, and other security measures.
`
`
`
`Defendants used improper means to access and discover Phreesia’s trade secrets
`
`and confidential and proprietary information, including by conspiring with the Phreesia Client to
`
`gain unauthorized access to Phreesia’s trade secrets and confidential information, and by engaging
`
`in unauthorized access of the Phreesia System.
`
`
`
`Defendants used the misappropriated trade secrets and confidential and proprietary
`
`information to create a competing software product and/or to disclose Phreesia’s trade secrets and
`
`confidential information to third parties.
`
`
`
`Defendants’ misappropriation of Phreesia’s trade secrets and confidential and
`
`
`
`
`15
`
`

`

`Case 8:21-cv-00678-TDC Document 1 Filed 03/17/21 Page 16 of 23
`
`proprietary information is willful, malicious and/or in wanton disregard of Phreesia’s rights.
`
`
`
`As a result of Defendants’ misappropriation, Phreesia has suffered and will
`
`continue to suffer damages in an amount to be determined at trial, including, inter alia, lost sales,
`
`impaired relationships with clients, and the disclosure and destruction of its trade secrets.
`
`COUNT IV
`Conspiracy - Misappropriation of Trade Secrets in Violation of 18 U.S. Code § 1836 et seq.
`(All Defendants)
`
`
`
`Phreesia repeats and incorporates the allegations set forth in the preceding
`
`paragraphs, as though fully set forth herein.
`
`
`
`On information and belief, the Defendants, collectively constituting two or more
`
`parties, agreed to enter into a conspiracy to misappropriate the trade secrets and confidential
`
`information of Phreesia.
`
`
`
`On information and belief, each of the Defendants, in their individual capacity
`
`and/or or acting as personnel for and on behalf of their employers, used improper means to discover
`
`the trade secrets and confidential and proprietary information of Phreesia, including by conspiring
`
`with the Phreesia Client to gain unauthorized access to Phreesia’s trade secrets and confidential
`
`information, and by engaging in unauthorized access of the Phreesia System.
`
`
`
`Specifically, on information and belief, each of the following personnel engaged in
`
`the overt act of unauthorized access of the Phreesia System, Erika Blair (Certify), Timothy
`
`Goodwin (Certify), Darshan Patel (Certify), and Shreyas Swamy (Certify). Additionally, on
`
`information and belief, one or more officers or employees of Rolling Rock Software engaged in
`
`repeated unauthorized access of the Phreesia System from Rolling Rock Software’s India location.
`
`
`
`On
`
`information and belief, each party
`
`intentionally participated
`
`in
`
`the
`
`misappropriation of Phreesia’s trade secrets and confidential information for the purpose of
`
`copying the Phreesia system to create a competing software system and/or to disclose Phreesia’s
`16
`
`
`
`
`

`

`Case 8:21-cv-00678-TDC Document 1 Filed 03/17/21 Page 17 of 23
`
`trade secrets and confidential information to third parties.
`
`
`
`Defendants’ misappropriation of Phreesia’s trade secrets and confidential and
`
`proprietary information is willful, malicious and/or in wanton disregard of Phreesia’s rights.
`
`
`
`Phreesia has suffered and will continue to suffer damages in an amount to be
`
`determined at trial, including, inter alia, lost sales, impaired relationships with clients, and the
`
`disclosure and destruction of its trade secrets.
`
`COUNT V
`Misappropriation of Trade Secrets in Violation of Maryland Code § 11-1201 et seq.
`(All Defendants)
`
`
`
`Phreesia repeats and incorporates the allegations set forth in the preceding
`
`paragraphs, as though fully set forth herein.
`
`
`
`Phreesia developed its trade secrets and confidential and proprietary information,
`
`including the software code, architecture, format, structure, organization, workflows, back-end
`
`logic, functionality, operation, and interface of the Phreesia System through a significant
`
`investment of time, effort, and expense.
`
`
`
`Phreesia has invested more than $92 million during the last five years alone to
`
`develop,

This document is available on Docket Alarm but you must sign up to view it.


Or .

Accessing this document will incur an additional charge of $.

After purchase, you can access this document again without charge.

Accept $ Charge
throbber

Still Working On It

This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.

Give it another minute or two to complete, and then try the refresh button.

throbber

A few More Minutes ... Still Working

It can take up to 5 minutes for us to download a document if the court servers are running slowly.

Thank you for your continued patience.

This document could not be displayed.

We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.

Your account does not support viewing this document.

You need a Paid Account to view this document. Click here to change your account type.

Your account does not support viewing this document.

Set your membership status to view this document.

With a Docket Alarm membership, you'll get a whole lot more, including:

  • Up-to-date information for this case.
  • Email alerts whenever there is an update.
  • Full text search for other cases.
  • Get email alerts whenever a new case matches your search.

Become a Member

One Moment Please

The filing “” is large (MB) and is being downloaded.

Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.

Your document is on its way!

If you do not receive the document in five minutes, contact support at support@docketalarm.com.

Sealed Document

We are unable to display this document, it may be under a court ordered seal.

If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.


Access Government Site

We are redirecting you
to a mobile optimized page.





Document Unreadable or Corrupt

Refresh this Document
Go to the Docket

We are unable to display this document.

Refresh this Document
Go to the Docket