Healthcare organizations are likely to see an increase in internal investigations in the coming year. The primary causes are a growing emphasis on compliance and the advent of new technology creating data risks.

  • Slightly fewer healthcare respondents in a survey said they proactively monitor electronic data security, compared to other industries.
  • Many healthcare organizations report that more than half of their internal investigations involve the preservation of employee data.
  • Companies are using a combination of increased human resources and new technology in response to growing volumes and types of data.

Healthcare risk managers can expect a greater focus on internal investigations and audits in 2020, with much of it aimed at heading off government inquiries with potentially large consequences.

Healthcare organizations are taking a path similar to many other industries in trying to police themselves before an outside entity intervenes, says John Kihlberg, senior director for engagement and client management with H5, a legal technology company in San Francisco.

“We’re seeing companies facing a lot more internal investigations, with some of those coming from audit programs and special investigation units focused on trying to prevent some of the regulatory investigations that could be triggered if there is an issue,” Kihlberg says. “They are proactively looking at that internally, more than they did before, to try avoid these issues turning into a major problem when regulators get involved.”

At the same time, healthcare organizations are conducting more internal investigations regarding compliance, expenses, and mandatory reporting to government agencies, he says. In a recent survey about internal investigations by H5, 20% of respondents in healthcare/life sciences indicated their companies faced more than 100 investigations per year, compared to 22% of respondents overall.

Fifty-seven percent of healthcare/life sciences respondents said their companies proactively monitor electronic data to identify potential wrongdoing, compared to 67% industrywide. Thirty-nine percent of respondents in healthcare/life sciences said that more than half of their investigations involve the preservation and/or collection of employee data. (The survey report is available online at: https://bit.ly/2PWhr6d.)

Although investigations are up across all industries, healthcare is faced with increasingly complex compliance requirements for data management, notes Sheila Mackay, managing director of eDiscovery Services with H5. For instance, the General Data Protection Regulation law on data protection and privacy for all individual citizens of the European Union addresses the transfer of personal data outside the EU.

Healthcare organizations are adopting a hybrid approach to data compliance, using more human resources along with technology, Mackay says.

“The data are growing so fast, both in volume and variety, that it is sometimes challenging for internal employees to figure out where the sensitive data reside. Healthcare has so much sensitive data. They are hit especially hard by the advent of new technology that may include those data in forms and in locations they haven’t seen before,” she says. “They have to become faster and more effective at identifying those data, so that is part of what is spurring this uptick in internal investigations.”


  • John Kihlberg, Senior Director, Engagement and Client Management, H5, San Francisco. Phone: (866) 999-4215. Email: jkihlberg@h5.com.
  • Sheila Mackay, Managing Director, eDiscovery Services, H5, San Francisco. Phone: (415) 757-8311. Email: smackay@h5.com.