Article Images

In publicly traded companies across the country, the Sarbanes-Oxley Act, and more recently the Dodd-Frank Wall Street Reform and Consumer Protection Act, mandate the development and use of clear, effective whistleblower protection policies.

These policies also make good sense for nonprofit organizations such as hospitals and systems. They encourage employees to come forward with concerns without fear of retaliation and meet stakeholders' needs for greater comfort with a hospital's governance and oversight. Independent directors and audit committees should make sure that their hospitals are using best practices when it comes to whistleblower policies.

Dodd-Frank Raises the Bar

The whistleblower provisions enacted by Dodd-Frank called upon the Securities and Exchange Commission to establish rules providing for the payment of awards, subject to certain conditions, to whistleblowers who provide information to the SEC regarding a violation of securities laws. The act also increased the scope of violations for which a whistleblower award may be made.

There are significant monetary awards available to whistleblowers as a result of the act. If the SEC is successful in prosecuting a violation as a result of a whistleblower's information, the whistleblower will receive between 10 and 30 percent of the aggregate monetary sanction received by the government if it is greater than $1 million. Also, significant penalties will be imposed on companies that violate the act's anti-retaliation provisions, which include reinstatement, double back pay with interest and litigation fees.

While these same penalties do not apply to nonpublic hospitals or systems, the stakes still can be high. Whistleblowers can be a source of uncovering fraud, and a good policy can protect reputational risk. It is vital for all health care organizations to have an effective policy in place. Unfortunately, many hospitals and systems have ineffectual policies or none at all. In discharging their duties to the organization, board members and audit committees should insist on an effective whistleblower system.

The Audit Committee's Role

The audit committee is responsible for ensuring that management has instituted an adequate system of internal control. Committee members should make sure that the organization's policy is both effective and implemented properly. In developing a strong whistleblower policy, health care organizations, their audit committees and their independent directors should take into account the following considerations:

  • Clarity. A written whistleblower policy should be communicated to the organization. It should clarify that the hospital will not tolerate violations of law by any of its officers or employees. It should state how and to whom employees are to report any wrongdoing as well as how complaints will be handled. Employees should know what is expected of them both individually and as a part of the organization.
  • Confidentiality. To encourage employee participation, the policy should enable staff members to communicate with the organization on a confidential basis and without fear of retaliation. Additionally, anonymous complaints should be handled in the same manner as other complaints.
  • Common goals. The policy should be clear that it applies to all employees at all levels and that it exists for the benefit of both the hospital and its employees.
  • Corporate compliance. The policy also should contain an organizational obligation to report itself to the applicable federal agency if it is found that a legitimate regulatory violation exists.

Independence Is Essential

A key component of any effective whistleblower policy is independence. To provide objectivity and maintain the integrity of a hospital's whistleblower policy, best practices suggest that it include an independently administered review process. Individuals are more likely to come forward with information if they believe that the person receiving the complaint is impartial.

To maintain this independence, hospitals — and their management, boards and audit committees — are increasing their use of independent legal counsel, who can play a valuable role in the administration of whistleblower policies.

A hospital's policy may provide that all complaints or other information be communicated to the audit committee, which typically is composed of independent directors. If this is the case, the committee and directors should have the authority to investigate any claims that are raised, as well as permitted to retain outside legal counsel when necessary. Audit committees and directors have other responsibilities to fulfill, and it may not be practical for them to handle whistleblower complaints. The ability to retain outside independent counsel prevents these individuals from becoming bogged down in handling complaints.

Independent counsel typically receives the claim and all information relating to it, fully investigates its merits and acts as an intermediary between the employee and the organization. Counsel manages the process, which includes providing periodic updates to both the employee and the organization as to the status of the claim.

This external entity, however, should not be the hospital's outside law firm or another attorney who has provided services to the organization in the past, because it would undermine the integrity of the whistleblower policy. The audit committee or directors should select the independent counsel.

One concern, however, is how to prevent the organization from incurring unnecessary legal costs for retaining independent counsel to investigate claims that are not material or have no merit. There are two potential solutions. The first is to provide that someone at the hospital will review complaints and make a determination as to whether a potential violation meets a certain level of materiality before referring them to independent counsel. The downside is that the participation of someone internal to the organization could harm the whistleblower policy's integrity and objectivity.

Alternatively, many robust policies provide that all matters be referred first to independent counsel, often using a paraprofessional to triage them, referring back to the organization any nonmaterial or trivial claims or any other matters that are more appropriately handled by the hospital internally. An organization also can retain the services of outside companies that establish hotlines for whistleblower complaints and also provide various related case management services. These outside service providers will coordinate with independent counsel.

Counseling the Whistleblower

Independent counsel also can play a valuable role in the implementation of a whistleblower policy. Many policies state that an employee who wishes to report a potential violation on an anonymous basis can have independent counsel appointed to him or her. This maintains the anonymity and confidentiality of the whistleblower because he or she has the benefit of the attorney-client privilege, and would help to eliminate the fear of retaliation. This counsel is not the same independent counsel as oversees the policy.

In this scenario, the hospital would fund the whistleblower's legal fees. The appointed attorney responds to the inquiries and investigation of the organization's independent counsel and receives status reports from the hospital's independent counsel.

Protect Your Hospital

As a matter of best practices, the trend among nonprofit hospitals is to embrace a broad whistleblower policy. Among other things, it protects against fraud and other reputational risk. Using independent counsel to administer these policies ensures effective implementation and typically encourages employees to come forward with important information.

Mark S. Greenfield, Esq. (, is a partner at Blank Rome LLP, Los Angeles, specializing in corporate representation. He is a member of the board of directors and has been chair of the audit committee of Cedars-Sinai Medical Center. Karen L. Corliss, Esq. (, is an associate at Blank Rome LLP, Philadelphia, specializing in corporate representation.

Sidebar - What Makes a Board Member 'Independent'?