Two recent court rulings indicate courts may extend a corporate board’s duty to monitor further than the previous norm. Healthcare corporate directors could be at an increased risk of shareholder lawsuits and personal liability.

  • The cases are from Delaware, where rulings are influential on other states.
  • The bar has been lowered for director accountability.
  • Healthcare organizations should review their risk assessment and compliance programs.

Members of healthcare boards of directors may be at significantly higher risk of personal liability and lawsuits alleging failure in the duty to monitor. Risk managers should act now to educate their corporate boards and review compliance with the obligations that could lead to litigation.

Two recent Delaware court decisions addressed a corporate board’s Caremark duty to monitor, explains Roger D. Strode, JD, partner with Foley & Lardner in Chicago. The Caremark duty is derived from In re Caremark International Inc. Derivative Litigation, 698 A.2d 959 (Del. Ch. 1996), a civil action concerning a director’s duty of care, Strode says.

The Caremark decision established that corporate directors breached their oversight duty when they knew or should have known that violations of the law were occurring, took no steps to prevent or remedy the situation, and that failure resulted in the losses alleged by the complainant.

In one of the more recent decisions, on Oct.1, 2019, the Delaware Court of Chancery issued an opinion in In re Clovis Oncology, Inc. Derivative Litigation. That case involved stockholder plaintiffs claiming the board of directors failed to monitor the accuracy of the company’s clinical trial protocols and compliance with regulatory mandates. They further claimed the company misled the market regarding the efficacy and likely FDA approval of a drug under development.

The court denied a motion to dismiss the Caremark claim, saying the board’s alleged failure to monitor established systems in the face of “red flags” was problematic because Marchand requires that “when a company operates in an environment where externally imposed regulations govern its ‘mission critical’ operations, the board’s oversight function must be more rigorously exercised.”

In Marchand v. Barnhill, 2019 WL 2509617 (Del. June 18, 2019), the Delaware Supreme Court allowed a lawsuit to proceed against directors of an ice cream manufacturer. Blue Bell Creameries was involved in a listeria outbreak in early 2015 that killed three people, forced the company to recall all of its products, shut down production, and lay off more than one-third of its workforce. A shareholder sued the company directors for failure of oversight regarding food safety and compliance matters.

The Delaware Supreme Court ruled it was reasonable to infer that the Blue Bell directors consciously failed “to attempt to assure a reasonable information and reporting system existed,” allowing the Caremark claim to continue.

The effects of the rulings may be felt across the country because Delaware law is influential for other states, Strode explains. Most publicly traded companies are organized in Delaware because the state has the most formalized statutes and greatest body of case law regarding corporations and business organization, he notes.

“Courts and corporate lawyers will look to Delaware law to guide them on issues related to board duty, fiduciary duty, duties of oversight, care, and loyalty. Delaware often is at the tip of the spear when it comes to issues like this,” he says. “Their formalized structure on corporations is where other states look for guidance and case law precedents, even though it is not binding precedents in other states.”

The two decisions mean that corporate boards should be much more wary of violating Caremark requirements, Strode says.

“These courts are indicating that the outlook on Caremark is changing in a significant way, and directors face a greater risk of liability than they might have in the past, which means they may need to change how they do business,” Strode says. “The duty to monitor has been well established but boards have had the comfort of knowing that the bar was fairly high for being held liable. With these decisions, there is reason to think that is changing.”

Although the two decisions did not involve healthcare entities, Strode says there is a direct line of sight legally to health systems, hospitals, and other providers, because they have similarly “monoline” functions of providing quality clinical care in a highly regulated environment. The recent decisions emphasized that the companies had monoline functions — developing drugs and making ice cream — that a board could oversee without its focus splintering across multiple lines of business.

The court rulings also noted the highly regulated environments of drug development and commercial food production, where FDA regulations apply. Strode says it is reasonable to think the courts would see the same scenario with regulations from the Centers for Medicare & Medicaid Services, plus state departments of health.

The risk exists even for not-for-profit healthcare organizations without shareholders, Strode notes. Bondholders can sue if their investments are damaged. State attorneys general could assert charitable doctrine authority to adopt the legal posture of a shareholder, he explains.

“Before Clovis and Marchand, a Caremark claim was a tall order for the claimant. Bringing a case under Caremark was no guarantee of success, and in fact was often a real long shot,” Strode says. “You weren’t going to get a ruling in favor of a claim for director liability unless you could prove sustained or systemic failure of oversight. The bar has been lowered, and I think we may see more directors held liable.”

The courts are making clear boards must actively monitor compliance. In Clovis, Strode says the court’s decision means lack of action can be a basis of a failure of the duty of oversight. In Marchand, he explains, the court held the plaintiffs alleged sufficient facts to conclude that the Blue Bell board failed to implement any system to monitor food safety risk. The Marchand court said the “utter failure to attempt to assure a reasonable information reporting system exists is an act of bad faith and breach of a duty of loyalty.”

Both points could prove relevant in a healthcare entity’s failure to ensure patient safety, Strode notes. Boards for healthcare organizations are obligated to use risk-monitoring systems and ensure any identified issues are addressed. Any policies, procedures, and protocols implemented under those risk systems must be followed, he says.

“The organization risk manager and the board, with the support of counsel, should review internal and external risks and compliance on a regular schedule, at least twice a year if not more often,” Strode says. “There should be discussion at board meetings that are specifically devoted to these risk assessments and compliance obligations.”

The Marchand ruling also showed the need for an appropriate committee structure for risk assessment and compliance, Strode says. The court endorsed the idea of a committee that provides general compliance oversight.

Corporate information reporting systems also were relevant to the recent decisions. The courts indicated the systems should provide the board with information it can use to reach informed judgments on matters of safety and compliance, Strode says.

“In both Clovis and Marchand, part of what got them into trouble was that their boards could not rely on board agendas and minutes to show they were aware of important issues and addressing them adequately,” Strode explains. “The documentation was insufficient to show that they were receiving accurate, timely information on these issues and that they were taking the steps necessary to reach the Caremark threshold. Like everything else in healthcare, documentation can make or break your defense.”

Smaller healthcare organizations may face more risk in this area simply because they do not have adequate resources to properly meet the Caremark requirements, Strode says.

“They may not have the infrastructure or sophistication at the board level, or the internal knowledge of how to put in place the right processes, everything they need to comply with the duty of oversight,” Strode says. “Like everything with risk management, when you have less money and resources, you’re going to be at a higher degree of risk.”


  • Roger D. Strode, JD, Partner, Foley & Lardner, Chicago. Phone: (312) 832-4565. Email: rstrode@foley.com.