Professional intimidation threatens risk managers, but law offers protection

Risk managers continue to report that they experience harassment and retaliation for doing their jobs, with health care executives making them the scapegoat for lapses in policy and quality by the health care institution. This age-old problem may be ameliorated by new federal laws that provide greater protection for risk managers and whistleblowers, and a direct line to upper management may help avoid some of the conflict.

The dilemma is illustrated by the ongoing case of a risk manager who says she was fired by her hospital for reporting an Emergency Medical Treatment and Active Labor Act (EMTALA) violation after hospital executives discouraged reporting it for fear of a large penalty.

Margaret O'Connor, RN, was the risk manager at Jordan Hospital in Plymouth, MA, until her firing on May 19, 2010. She had been employed by Jordan Hospital for 38 years, working in various positions related to quality control before becoming risk manager, according to the complaint filed in the U.S. District Court, District of Massachusetts. O'Connor claims in her lawsuit that she was fired for her actions after an incident at the hospital on March 26, 2010, involving a patient in labor who was transferred to another hospital.

O'Connor responded by conducting a full investigation and concluding that Jordan Hospital had violated EMTALA, the claim says. When she reported her findings to senior management, she indicated that she planned to notify the Centers for Medicare & Medicaidimmediately, because the law required her to do so — and because the hospital would fare better if it self-reported, rather than risking that the other facility would report the incident.

According to O'Connor, her boss discouraged reporting, and soon after she reported the EMTALA violation to CMS, she was fired. She is now suing the hospital, which denies her allegations. O'Connor's attorney, Jared Burke, JD, of Needham, MA, says there has not yet been a settlement, and he is continuing to press forward with the lawsuit.

Direct line to board crucial

Although he is not familiar with the specifics of the O'Connor case, Reid Bowman, JD, general counsel with ELT Inc., a company in San Francisco that provides compliance and ethics training, says the allegations in the lawsuit illustrate one important point regarding professional intimidation of risk managers.

"It is absolutely essential that health care risk managers have clear and unequivocal support from the top," Bowman says. "The risk manager must have a direct line of communication to the senior administrators and the board of the health care institution, so that his or her message does not get filtered, watered down, or somebody puts their own spin on it."

The law recognizes the importance of such a direct line of reporting, Bowman says. Recent amendments to the Federal Sentencing Guidelines specifically address the reporting structure of health care organizations, saying that the chief compliance officer should report directly to the organization's board of directors, or an appropriate subdirectory such as an audit committee, he says. In most health care organizations, the risk manager will either fill the role of chief compliance officer or report to that person, he notes.

Sentencing guidelines address problem

That reporting structure serves to reduce friction for the risk manager, but it also offers practical benefits in the case of a prosecution.

"If you do that, then you are likely to get the benefits under the Federal Sentencing guidelines," Bowman says. "If your organization gets in trouble with the feds, and you're criminally charged, you can lower your ultimate penalty by as much as 95%. If you're really serious about this, you have to have a direct pipeline to the board or a related committee."

At the same time, however, Bowman says it is imperative for risk managers to ensure that they maintain a high degree of professionalism and not tolerate a lack of quality in their own departments. Too often, he says, risk management can be seen as a dumping ground for administrators who didn't make the cut elsewhere or "executives in transition."

"Maybe that person's department has been shut down, so they park that person in risk management until they find something the person is really competent in, but in the meantime you have someone in your department who is not what you really need," he says. "You have to avoid that kind of reputation in your organization, and if your own credentials are not up to par, you have to address that immediately."

Of course, the problem of retaliation is not limited to risk managers. Any employee who brings a problem to the attention of superiors or reports an issue to regulators may face retaliation from the employer, and Bowman says that possibility must be addressed head-on during compliance and risk management training. Too often, he says, the issue is mentioned as an afterthought — as a throwaway line at the end of the session where employees are told that retaliation will not be tolerated.

"It's mentioned when people are shuffling their papers and getting ready to walk out the door," Bowman says. "In reality, it's a huge issue. Retaliation is now the number-one reason for Equal Employment Opportunity charges. Retaliation has to be built into your education just like all the other important topics, and you have to provide real-life examples."

The examples are important, because professional intimidation can be subtle. Retaliation also is a natural human reaction, Bowman says, so it is important to acknowledge that even otherwise well-meaning managers can be tempted to punish someone who has rocked the boat.

Culture must support reporting

That kind of education can help build an organizational culture that recognizes the possibility of professional intimidation, but it also establishes a zero tolerance policy, Bowman says. That culture should protect not only whistleblowers who bring problems to the risk manager, but it also should also protect the risk manager who reports that problem to the board.

In the event that all of these precautions fail and the risk manager is facing pressure for trying to do the right thing, what recourse is there? Bowman says that all-important access to the board or audit committee is the best hope for resolving the issue. The risk manager must go to the board and explain directly that the hospital's policy against retaliation is being violated, he says.

"You also have to explain to the board that, as unpleasant as it is to have a risk manager bring you bad news, it is far better than having an outside agency or a plaintiff's lawyer bring it to you," Bowman says.

State and federal laws can help

Ultimately, the risk manager may have to rely on the protections afforded by law, says Kevin Troutman, JD, an attorney with the law firm of Fisher and Phillips in Houston. The whistleblower protections afforded by various federal and state laws more commonly are thought of in terms of protecting lower-level employees from retaliation by employers, but they can just as effectively protect the risk manager who passes on that information or reports violations to outside agencies, he says.

Many states have broad whistleblower protection statutes that protect employees, Troutman notes.

"All that person needs is a good faith belief that he or she is reporting a violation," he says. "Some states include a rebuttable presumption, saying that if a person is terminated in a certain amount of time after making the report, the presumption is that the termination was the result of their report."

Those applicable laws should be incorporated into the health care organization's policies and educational efforts, Troutman says. Don't stop with saying that retaliation is not acceptable. Spell out the protections afforded by state and federal law, he says.

Consider committees, outside groups

The culture of the organization should be considered when risk managers are offered positions in risk management at another institution, or when offered the chance to advance with the current employer, Troutman suggests. An organization that is dedicated to continuous quality improvement and transparency will be less likely to put the risk manager in a difficult position than one that is more focused on hiding its flaws, he says.

Troutman also suggests that many incidents of professional intimidation can be avoided by not having the risk manager shoulder all the responsibility for difficult decisions. With more difficult decisions or costly ramifications of reporting, the risk manager probably should involve others to avoid a showdown between two individuals, he says.

"When you know that there is going to be a department or a powerful physician who doesn't like your decision, set it up so that that determination or that course of action doesn't all fall to just the risk manager," he suggests. "A committee or some advisory resources can spread the responsibility and avoid having all the anger or dissatisfaction falling on the risk manager's head. You can still take responsibility for your job by making a decision and acting on it; but you can back it up by saying that you went to the professional group or consulted with outside resources, and they confirmed that your course of action is correct."

Educate board about compliance

A risk manager who faces stiff resistance from senior leadership in the health care organization over reporting a violation may have failed in educating those people about the benefits of self-reporting, suggests Kenneth S. Springer, president of Corporate Resolutions Inc. in New York City, which provides fraud investigation services to corporate clients.

"Is this an old boy network that has been doing things the same for years and years, and they don't want some young buck changing things?" he says. "Education is important in showing the executive board and everyone else at that top tier that trying to hide the bad news and hope no one notices isn't the way to do business any more. The laws have changed, and they need to understand how much better — how dramatically better — it is to self-report in most cases."

In the O'Connor case, if the risk manager's allegations are true, Springer says he suspects the board and senior leadership made the mistake of thinking that an EMTALA violation could be swept under the rug and that there was little risk in not reporting it. That's old-school thinking, he says.

"If there were no grounds for this woman to be fired, I suspect she'll end up owning the hospital," Springer says. "The law recognizes that you need people like her to make these complaints and follow through with reporting to the authorities. If she truly was pressured, and she was the victim of wrongful termination, I think over time her case will send a message."

Caving in to pressure no solution

Risk managers under pressure not to report a violation should remind senior leadership that they are putting themselves at risk, says Michael Diaz, JD, managing partner with the law firm of Diaz Reus in Miami. The law generally does not hold an employee responsible for not reporting a violation because he or she was pressured by upper management to keep quiet, he says. So, for instance, a nurse who is discouraged from reporting a problem probably would not be prosecuted.

But the board and other senior leadership can be held accountable. And in most cases, that includes the risk manager. So, caving in to pressure not to report a problem won't make the problem go away.

"More and more, we're seeing legislation make those at the top of the business, such as the members of the board, personally responsible both civilly and criminally for their non-action," Diaz says. "Within that group lies the risk manager. If the risk manager is not made civilly, administratively, criminally liable for his or her performance, what's the purpose of having a risk manager?"


• Jared Burke, JD, Law Offices of Timothy M. Burke, Needham, MA. Telephone: (781) 455-0707. E-mail:

• Reid Bowman, JD, ELT, Inc., San Francisco, CA. Telephone: (410) 531-2444. E-mail:

• Kenneth S. Springer, President, Corporate Resolutions Inc., New York City. Telephone: (212) 691-3800. E-mail:

• Kevin Troutman, JD, Partner, Fisher & Phillips, Houston, TX. Telephone: (713) 292-0150. E-mail:

• Michael Diaz, JD, Managing Partner, Diaz Reus, Miami, FL. Telephone: (305) 375-9220. E-mail: