Board of Directors Fiduciary DutyMedicare Compliance & Fraud Investigations
Electronic records such as e-mail do more than satisfy discovery requests in litigation. They serve as a check against mistake, fraud, overcharge, kickbacks, tax evasion, false records, misappropriation of funds-assets and other misconduct. Healthcare institutions need to retain these records to enable investigations of misconduct on the part of administrators or other decision-makers.
For example, when the board of directors of HealthSouth Corporation (operator of multiple hospitals) investigated massive accounting and Medicare fraud within the company, it needed access to the e-mail records of executives. Although more than a dozen company officials eventually pled guilty to white collar crime, the board's investigation was hampered by the company's policy of destroying e-mail relatively quickly.
The board's Special Audit Review Committee reported that it was unable to learn everything about the fraud on account of “the unavailability of certain corporate records” and “the Company’s e-mail retention practices, which ha[ve] resulted in the elimination of most electronic communications generated during the period under investigation.” Special Audit Review Committee Forensic Accounting Report, May 28, 2004, attached as Exhibit to Form 8-K filed with the Securities and Exchange Commission by HealthSouth Corp. on June 1, 2004.
A board of directors has a fiduciary responsibility to oversee the actions of management. A hospital board is concerned with the potential for bribes, corruption, accounting improprieties and Medicare fraud. See US Department of Justice Press Release, March 15, 2007, "New Jersey Hospital to Pay United States $7.5 Million to Resolve Allegations of Defrauding Medicare." Today, a board's oversight function requires access to e-mail, IM and text records. Electronic message records are like an inside informant. Those records contribute to corporate internal control, and deter misconduct like bogus Medicare billings. Hence, a board is prudent to insist that executives retain all their e-mail for a considerable period of time.
A board of directors has much incentive to fulfill its fiduciary responsibility here. If it does so, it protects itself from legal liability. Take for instance the story of Caremark International, a supplier of medical products and services. The company had paid the government a $250 million fine because some employees had been bribing physicians to prescribe the company's products and services to Medicare patients. In the wake of this fine, the shareholders sued the board of directors, claiming it had not done enough to prevent the bribery. Basically, the shareholders claimed: “Members of the board, you were engaged to look after our investment in Caremark. Obviously, your responsibility includes preventing employees from paying bribes and thereby attracting the massive fine that the company was forced to pay. You failed and therefore, members of the board, you are personally liable to us shareholders for the injury suffered by our company Caremark.”
However, the board of directors had a defense. Well before the government discovered the bribery, the board had implemented a substantial ethics program and a system of internal controls to prevent bribery. Even though the board’s efforts failed to prevent all bribery, they were enough to protect the board from liability. The court held the board had met its fiduciary duty. The court was persuaded the board had taken reasonable steps to prevent bribery, and that is all the law expects of the board. Caremark International Inc. Derivative Litigation, 698 A.2d 959 (Del. Ch. 1996).
The lesson from the Caremark case is that boards (whether serving a corporation, an LLC, a nonprofit or some other entity) must take reasonable steps to achieve internal control and shut down fraud. Today, the thorough retention of decision-maker e-mail and IM (including chat, Twitter, cell phone text and more) is one such step, as it is not very difficult or expensive. Executive e-mail records contain rich detail that can help the board oversee internal control and, when necessary, conduct competent investigations into the activities of suspect executives and employees.
Update: Good email and text message records can also help the healthcare industry's compliance with the new HITECH law. What is "HITECH"? It is the Health Information Technology Economic Clinical Health Act enacted by the US Congress 2009.
Mr. Wright is an advisor to Messaging Architects, global purveyor of products and services to support EDD, responsible corporate governance and reliable management of e-records.