Any person or entity receiving funds under the American Recovery and Reinvestment Act of 2009 ("ARRA") is also subject to its wide-reaching enforcement provisions. Given the government's recent focus on combating fraud, attention to the breadth of ARRA's provisions is both timely and important. The Attorney General specifically focused on ARRA in a recent statement, pointedly noting, "[t]he department's improved ability to...prosecute fraud will likely have high rates of return on the federal government's investment of resources through the American Recovery and Reinvestment Act of 2009. This request will enable the department to help protect American savers and investors, the national financial market, and the U.S. Treasury." 
The government's recent focus on fraud enforcement in conjunction with the specific emphasis on protecting ARRA funds means both direct and indirect recipients of ARRA funds should be aware of certain provisions within ARRA that may unwittingly cause Office of Inspector general ("OIG") scrutiny or employee claims. One such area is ARRA's unprecedented whistleblowing protection provisions and the risk they pose to recipients of Health Information Technology for Economic and Clinical Health Act ("HITECH Act") funds.
ARRA Whistleblower Protections
The ARRA whistleblower protection provisions protect employees of non-federal employers receiving ARRA funds from being discharged, demoted, or otherwise discriminated against for disclosing information that the employee reasonably believes is evidence of:
(1) a gross mismanagement of an agency contract or grant relating to covered funds;
(2) a gross waste of covered funds;
(3) a substantial and specific danger to public health or safety related to the implementation or use of covered funds;
(4) an abuse of authority related to the implementation or use of covered funds; or
(5) a violation of law, rule, or regulation related to an agency contract (including the competition for or negotiation of a contract) or grant awarded or issued relating to covered funds.
The Act broadly defines non-federal employers to include (1) contractors, subcontractors, grantees or recipients of ARRA funds; (2) professional membership organizations, certification or other professional bodies, agents or licensees of the federal government; and (3) state and local governments with respect to covered funds. The provisions have a broad scope of prohibited retaliatory acts beyond discharge or demotion. Other discrimination or negative effects on terms and conditions of employment or any action that would dissuade a reasonable person from engaging in whistleblowing are covered.
The whistleblower provisions protect employees against any reprisal for disclosing information, including disclosures made in the ordinary course of business, to any person having supervisory authority over the employee, or to a designated compliance officer or other individual who has authority to perform internal investigations. The incorporation of protections for disclosures in the ordinary course of business in ARRA contrasts with interpretations of whistleblower protections under other statutes. Beyond the protections for internal disclosures, employee disclosures to a member of Congress or government personnel, including an inspector general or state or federal regulatory or law enforcement agency member, are protected. Given that ARRA whistleblowers can make protected disclosure to a wide array of entities and individuals, employers will want to foster an open dialogue with employees to encourage employees to report any perceived mismanagement or waste internally.
How HITECH and ARRA's Whistleblower Provisions Interrelate
The whistleblower provisions in ARRA pose significant risk to those persons or entities receiving money under the HITECH Act provisions of ARRA. Those at risk include entities receiving grants and loans from the federal government under the HITECH Act to assist them in the implementation of electronic health record ("EHR") technology. HITECH was touted as a way to improve and facilitate the implementation of EHRs, which, it is believed, will result in overall cost savings and better quality health care. Because of the nature of the technology and the revolutionary concepts in evolving health information technology, it is likely that the EHR infrastructure and integration will go through many iterations before efficiently and effectively being implemented. It is becoming clear that current versions of EHR have unique properties that may not integrate and fully operate with other current and future technologies. Different entities working with EHRs have different platforms, and the development of the wider enterprise integration anticipated by the HITECH Act will require ongoing revisions and modifications to current strategies. Because of the broad nature of the whistleblower protections in ARRA, many of these first generation attempts in EHR may fall prey to ARRA's undefined terms of "gross mismanagement" or "waste of funds," as noted above. This could be a particular risk area for those entities trying to incorporate existing systems with those contemplated under the HITECH Act. It is only natural that these transitions will be neither smooth nor flawless and the extent to which problems in this process may be deemed "gross mismanagement" or "waste" potentially opens up opportunities for employees to attract government scrutiny through the use of ARRA's whistleblower protections.
If a report of gross waste or mismanagement or abuse of authority in connection with ARRA funds is made, the inspector general of the agency having jurisdiction over the ARRA funds is required, within 180 days, to investigate and make a determination regarding the employee's complaint of reprisal. An employee alleging a reprisal must only prove that a protected disclosure was a "contributing factor" in the reprisal. It is important to note that circumstantial evidence including "(i) evidence that the official undertaking the reprisal knew of the disclosure; or (ii) evidence that the reprisal occurred within a period of time after the disclosure such that a reasonable person could conclude that the disclosure was a contributing factor in the reprisal" is permitted. An employer's rebuttal must demonstrate with clear and convincing evidence that they would have taken the action in the absence of the employee's disclosure where the Inspector General finds a disclosure was "a" contributory factor in a reprisal. If, after reviewing the OIG report, the agency concerned with the ARRA funds finds that the employee was the victim of a reprisal, it has the authority to require the employer to (1) take affirmative steps to stop the reprisal; (2) reinstate the employee with back pay; and/or (3) pay compensatory damages, employment benefits or other awards to restore the employee to a position as if no reprisal had occurred. The employer may also be required to pay the costs and expenses associated with the complaint, including reasonable fees for the employee's attorneys and experts. In addition, there are no expressed caps on damages, making employer liability under this section largely unknown. If the agency decides not to take action, the whistleblower may proceed against the employer in court.
Considerations for HITECH Fund Recipients
Because of the lack of clarity regarding how the expansive whistleblower protections will be implemented and enforced, recipients of HITECH funds should consider the following:
- There are specific posting requirements for entities receiving ARRA funds. Each entity must post a notice to employees of ARRA whistleblower rights and remedies.
- The whistleblower protections protect disclosures regardless of whether there was a claim of fraud or intentional misuse of ARRA funds. Therefore, any time an employee reasonably believes that a HITECH fund recipient has "grossly mismanaged" or "wasted" government funds, their disclosures or complaints are protected.
- Gross mismanagement or gross waste of ARRA funds can be highly subjective. The lack of definitions generally and specifically related to the "gross mismanagement" and "waste" provisions leave much more room for dispute over the appropriate use of ARRA funds or abuse of authority related to the use of the ARRA funds. Because of the nature of EHR and dramatic changes in the technology and processes, the lack of definitional guidance creates a situation ripe for an entity using HITECH funds to become scrutinized by an agency for gross management or waste or for the complaint of an employee about trial and error efforts.
- Organizations that may not have been on the OIG's radar for fraud and abuse matters may suddenly become the target of a broader investigation. Once the OIG has gained access to an entity's records in connection with a whistleblower's complaint, there is nothing to prevent it from reviewing the records for other potential violations, including overpayments, fraud, and compliance with regulatory conditions of participation. Those entities developing EHR using HITECH Act funds are especially susceptible to this, given the government's announced enforcement efforts directed at health care fraud and integrity in ARRA spending.
There are no express statutory provisions for an evidentiary hearing with cross examination or an administrative appeal. This is very different from procedures before the U.S. Department of Labor, which provide for hearings before administrative law judges and the Administrative Review Board under Sarbanes-Oxley and other statutes with whistleblower provisions. Because of this, it appears that an agency can take unilateral administrative action which could ultimately put an entity's HITECH funds at risk and expose the entity to other sanctions including qui tam actions and claims under state law. This again strongly suggests prompt attention to internal complaints and prompt and thorough responses in any whistleblower complaints and investigations.
For those entities using HITECH funds to develop EHR systems, the broadness of the ARRA whistleblower provisions make it clear that entities must be thinking both from a fraud and abuse and an employment law perspective to develop prevention and protection safeguards. Going forward, employers receiving HITECH funds may want to take specific actions to foster an open environment to ensure that employees feel that their complaints and concerns are heard and meaningfully addressed. In addition, the environment should be one that cultivates EHR development without focusing on blame for ineffective or unworkable technologies while maintaining performance standards. Good documentation of performance problems will be important in many cases. Specific actions should focus on (1) developing or reinforcing effective compliance and ethics programs; (2) enhancing corporate code of conducts; (3) establishing and publishing a system for handling and investigating internal reports of misconduct or complaints of retaliation; (4) developing strategies to respond properly to any governmental inquiry or investigation; and (5) implementing structures for how to intake and investigate allegations of waste or mismanagement, even those that come in the ordinary course of business. Because of the broadness of the ordinary course of business inclusion, supervisors must be trained to recognize potential whistleblowers and to take these more general day-to-day complaints seriously.