The issue is one that various courts have addressed over the years: what recourse does a corporation have when a relator steals confidential information and discloses it to his or her attorney and to the government? The answer is . . . it depends. It depends on the scope of the materials taken, their relationship to the relator’s claim, and the breadth of the disclosure.

On May 13, 2016, the Eastern District of Illinois added another to the list of cases on this issue when it dismissed a counterclaim filed by LifeWatch Services, Inc. (LifeWatch). In its counterclaim, LifeWatch alleged that the relator stole confidential information and then disclosed it to the government and his lawyer. United States ex. Rel. Cieszyski v. LifeWatch Services Inc., No. 13-CV-4052 (N.D. Ill. May 13, 2016). In a brief, 11-page, opinion, the court dismissed LifeWatch’s counterclaim, holding that public policy protects whistleblowers from retaliation when they investigate and report allegations of fraud to the government. Id. at 6-10.

At issue in the case were two agreements signed by the relator. In April 2003, when he started working at the company, the relator signed a “Confidentiality Agreement.” Id. at 3. That agreement prohibited the relator from taking and disclosing to another “Confidential Information” of the company, such as financial data, pricing information and customer data. A few years later, in September 2006, the relator received the Company’s “Privacy Policy,” a document that stressed “the need to secure PHI [Protected Health Information]” and that further set forth the relator’s obligation to comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Id. at 4. The relator signed that he had read and understood his obligations under the Privacy Policy. Id.

Within a few years of signing these agreements, however, the relator took certain information from the company that he then provided to his lawyer and the government. These materials were the basis of the relator’s complaint that the company violated the False Claims Act (FCA) when it submitted certain claims to Medicare.

In response to this complaint, LifeWatch filed a counterclaim that the relator had breached the Confidentiality Agreement and the Privacy Policy. Without question, the materials taken fell within the scope of the Confidentiality Agreement. Even the relator conceded as much. Id. at 3 n.3. And, at least one spreadsheet taken contained PHI regarding 52,000 patients, some of whom were not insured by the government and had no bearing on the relator’s claims that LifeWatch violated the FCA. Id. at 5.

Nonetheless, the relator moved to dismiss, and the court granted that motion.

The court began with what it called the broad “public policy that protects whistleblowers from retaliation for actions taken in investigating and reporting fraud to the government.” Id. at 6 (collecting cases). While this public policy is broad enough to prevent counterclaims against relators, there are rare instances when such claims can proceed, such as when the plaintiff takes and discloses materials well beyond the scope of what is needed to pursue a qui tam claim. Id. at 6; United States ex rel Wildhirt v. AARS Forever, Inc., 2013 WL 5304092 (N.D. Ill. September 19, 2013).

In this case, however, the court held that the relator did not engage in such a broad and untethered disclosure of confidential materials. Instead, the relator only took those documents reasonably needed for his claim against LifeWatch. LifeWatch, No. 13-CV-4052, at 8-9. The court put it this way:

Relator did not disclose the information to anyone other than the government and his attorney, did not disclose attorney-client information, and did not disclose trade secret information to LifeWatch’s competitors. . . . To allow a counterclaim based on the barest allegation that a relator took more documents than absolutely necessary would gut the strength and purpose of the public policy exception[.]

Id. at 9. For this reason, the court held that the relator did not breach the Confidentiality Agreement. Id.

So, too, the court held that LifeWatch failed to state a claim that the relator breached its Privacy Policy. According to the court, the Privacy Policy was not a contract at all. But, even if it was, the court held that handing over HIPAA-related information to the government and his lawyer was proper because the HIPAA regulations themselves contain a safe harbor for employees who disclose PHI to a government agency or attorney, if the employee has a good faith belief that the employer has engaged in wrongdoing. Id. at 10-11.

LifeWatch is not an unusual case. Relators often troll corporate files for materials that they then pass on to the government or to their lawyer. Sometimes, courts intervene and allow the harmed companies to sue for breach of contract for the unauthorized disclosure. See, e.g., United States ex rel. Cafasso v. Gen. Dynamics C4 Sys., Inc., 637 F.3d 1047, 1062 (9th Cir.2011); Wildhirt, 2013 WL 5304092, at *6. Nonetheless, as the LifeWatch case shows, it is often difficult for companies to win such cases, even when the material taken is clearly confidential or affects patient privacy.