What Recipients of Provider Relief Fund Payments Can Do to Mitigate Whistleblower Risk
We previously discussed how recipients of payments from the Provider Relief Fund (PRF) are at risk for allegations of fraud and specifically addressed how these recipients may become targets of False Claims Act (FCA) allegations. In addition, we provided an in-depth look at best practices for mitigating risk and responding to fraud allegations in connection with these payments. Given that the FCA specifically empowers individual whistleblowers to pursue FCA claims on behalf of the federal government and incentivizes them by awarding them up to 30% of any FCA recoveries, we now focus on actions recipients of payments from the Provider Relief Fund can take to lessen the risk that individual employees in your company will become whistleblowers.
Whistleblower laws, which greatly incentivize and protect whistleblowers, have clearly increased whistleblowing. Recently, the public reports of significant payouts to whistleblowers have further induced the act of whistleblowing in the hope of a lucrative payout. In 2019, the DOJ recovered $3 billion from FCA settlements and judgments. Of that $3 billion, about $2 billion came from whistleblower cases, with whistleblowers collectively receiving more than $260 million.
Recipients of payment from the PRF need to manage whistleblower risk by creating an atmosphere where whistleblowers will first report their concerns to the company, rather than immediately go to the government or a regulatory agency. But this is merely the first step. Studies show that while 90% of whistleblowers first report their concerns internally, many then go on to report outside based on their perception of how the company is handling their report. The company’s response to reports of misconduct will also be evaluated by the government when determining penalties, if wrongdoing is ultimately found.
There are a number of actions PRF recipients can take to mitigate the risk of a whistleblower reporting their concerns outside the company. Recipients of payments from the PRF should also take action to help ensure that if the government or a regulatory agency becomes involved, they view the company’s response as robust and effective, which will help minimize penalties. PRF recipients should have procedures in place that enable the company to swiftly address allegations of fraud or misconduct and also ensure that the whistleblower is treated in compliance with the applicable laws to prevent a further whistleblower claim of retaliation.
While there is not a one-size-fits-all plan for businesses facing whistleblower risk, there are overarching principles that companies should have as part of their plans to create an environment in which internal reports of potential wrongdoing are encouraged and to respond to such reports appropriately and effectively. The following principles will help companies achieve those goals and therefore mitigate their risk.
- Tone from the Top: It is imperative that the tone from the top enforces the necessity and expectation of compliance. This is especially critical during the pandemic as remote work, stress, and uncertainty may create the impression that the rules don’t apply or don’t need to be followed. Now is a good time to remind your employees of your rules and procedures and that ethical actions and compliance are always expected, including now. It is important that not only top management relays this message, but also all middle management and line supervisors do as well.
- Accessibility: Ensure you have reporting channels that are easily accessible and well-publicized. Best practices would be to include an anonymous way for employees to report potential issues. You should also ensure that changes aren’t needed due to the remote work environment created by the pandemic. If changes are made, publicize them and use it as an opportunity to re-emphasize the company’s commitment to compliance.
- Protection: Establish anti-retaliation policies that are strictly enforced and that are well-known to employees. The FCA specifically protects whistleblowers from retaliation by their employers in connection with their efforts to report and stop FCA violations. When the identity of a whistleblower is known (i.e., the report is not through an anonymous channel), the company must stake steps to protect the identity of the whistleblower and should also monitor the whistleblower to ensure they are not treated adversely.
- Seriousness: While the credibility of all reports will need to be evaluated, all allegations should be taken seriously and investigated to determine if they have any merit that warrants opening a full internal investigation. If the initial findings show that the matter is potentially serious with significant ramifications, engage outside counsel. Investigation protocols should also be reviewed to determine if updates are needed to account for a remote-working environment.
- Manage Expectations: Upon receiving the report, discuss with the whistleblower the company’s next steps and their expected timeframe.
- Provide Updates: Keep the whistleblower informed of the investigation to assure them that the company is actively working to uncover and resolve any misconduct. Be mindful not to disclose anything that will waive privilege or create issues with confidentiality.
- Share Results: Keeping in mind confidentiality and privilege, share the results of the investigation with the whistleblower, demonstrating that even if no wrongdoing was ultimately found, the investigation was fulsome and thorough.
- Documentation & Record Retention: It is critical that the company retain all relevant documentation. This includes documents related to the internal investigation as well as information from any employees who had their employment terminated. Reasons for termination should be properly documented. Further, in the case of termination of the whistleblower, documentation should establish that termination was not in response to their allegations or concerns.
The above are the main principles. We have previously created, and recently updated, a more detailed list of proactive steps a company can take to avoid becoming subject to a whistleblower complaint.
This document provides a general summary and is for information/educational purposes only. It is not intended to be comprehensive, nor does it constitute legal advice. Specific legal advice should always be sought before taking or refraining from taking any action.