There is considerable confusion on the part of both health care providers and their employees about what documents and other evidence a potential whistleblower may legally obtain from their employment and provide to the government.
Confidentiality Agreements: A Protection?
Many health care providers ponder whether they can reduce the risk of a False Claims Act qui tam action being filed against them by requiring employees to sign confidentiality agreements that prevent the unauthorized removal of documents from the control of the employer.
Stacy Gerber Ward, Notre Dame 1993, is a shareholder with von Briesen & Roper, s.c., in Milwaukee, where she leads its Government Enforcement and Corporate Investigations Section.
Nola Hitchcock Cross, U.W. 1975, is a shareholder with Cross Law Firm, S.C., Milwaukee, where she concentrates on employment, business, and civil rights law, and has served as counsel on many False Claim Act recoveries.
Broadly speaking, to support allegations in a qui tam action, an employee may obtain and provide to his or her attorney and the government whatever documents and other data he or she may come across during the normal course of the performance of duties, provided such documents support their claims and are not merely taken indiscriminately. This includes HIPAA-protected data.
However, confidentiality agreements may offer employers some limited protection against the removal documents beyond the scope necessary to prove the allegations of false claims brought forward by the employee.
Particularly helpful to understanding these issues are two notable cases within the Seventh Circuit that define the scope of the documents that may be obtained by whistleblowers who have signed nondisclosure agreements.
Wildhirt v. AARS Forever, Inc.
In 2013 in U.S. ex rel. Wildhirt v. AARS Forever, Inc., the District Court for the Northern District of Illinois allowed claims to proceed that were brought against two whistleblowers by their former employer for disclosing documents obtained during the course of their employment.1
During their employment with defendant, they both signed an agreement titled: “Employee Confidentiality, Non-Compete, and HIPAA Agreement.”
Pursuant to that agreement, the employee agreed to the following:
- To not use any confidential information in any way or copy or reproduce any confidential information during the term of employment;
- To indemnify and hold the employer harmless from any loss that arose out of or related to the unauthorized disclosure of confidential information;
- To comply with the employer’s patient confidentiality policies pursuant to HIPAA; and
- To not receive any monetary reimbursement for involvement or assistance in a qui tam action filed against the employer.2
After the employees left their employment with the defendant, one of them made disparaging comments to Veterans Affairs about the defendant and its business practices. When the defendant threatened to sue the former employee for disparagement, she filed the qui tam under the False Claims Act (FCA).
During the course of discovery, one of the whistleblowers admitted that she had haphazardly brought home documents containing HIPAA protected information before she had any intention to file a qui tam,and that she should have returned the document. In addition, some of the documents had been made public.3
The defendants brought several counterclaims against the relators, including two claims based on their failure to abide by the confidentiality agreement.
In analyzing those counterclaims, the District Court noted that, while public policy does not permit indemnification or contribution claims against the relator in an FCA matter, the defendant may bring independent claims against the relator.4
The court held that the defendants’ counterclaims, based on the violation of the confidentiality agreement, were independent claims, and could therefore be pursued because
“given the extremely broad scope of documents and communications that Relators are alleged to have retained and disclosed, the counterclaims’ success does not require as an essential element that Defendants are liable ... under the FCA”5 (citations omitted).
Cieszynski v. Lifewatch Servs., Inc.
Based on a factual situation “far different” than in Wildhirt, U.S. ex rel. Cieszynski v. Lifewatch Servs., Inc.6, the Seventh Circuit came to a different conclusion, and dismissed counterclaims against a relator that were based on the breach of a confidentiality agreement.
Similar to the whistleblowers in Wildhirt, the relator in Cieszynski signed a confidentiality agreement.7 After the relator filed the qui tam,the defendant alleged that the relator accessed confidential information and HIPAA protected materials that he did not need to carry out his job responsibilities.8
Unlike in Wildhirt, Lifewatch did not allege that the relator removed the documents for any purpose other than to file a qui tam or provided them to any party other than the government.9
In evaluating the defendant’s counter claims, the court acknowledged that there is a public policy that protects whistleblowers from retaliation for investigating and reporting fraud to the government.10
Taking that policy into consideration, the court employed a balancing approach to analyzing the defendant’s claims – balancing the need to protect whistleblowers against an employer’s legitimate expectations that its confidential information will be protected.11 In holding that the defendant’s counterclaim failed to state a claim against the relator, the court distinguished the case from Wildhirt:
- First, the defendant did not allege that the relator took the documents for any reason other than to file the qui tam and provided them only to the relator’s attorney and the government.12
- Second, the court found that the scope of documents taken by the relator was not unreasonable. Although the information obtained by the relator and provided to the government included information about claims submitted to payers other than federal health care programs, the court found that it was unreasonable to expect that a relator would know precisely what evidence was needed to report fraud.13
Some General Rules
These two cases point to some general rules that govern the relationship between a health care provider and employees who are potential whistleblowers.
HIPAA Protected Documents
The HIPAA regulations contain a safe harbor for employees who disclose protected health information to a government agency or their attorney, if the employee has a good faith belief that the HIPAA-covered employer has engaged in unlawful conduct.14
Proprietary or Confidential Information
The key factors to be analyzed are whether:
1) the documents were taken for a purpose other than to file a qui tam and
2) the relator disclosed the documents to any third party beyond his/her attorney and the government.
However, in the event that the whistleblower discloses the information to a third party, a confidentiality agreement between the whistleblower and the employer may provide the employer with some relief against the employee.
In order to avoid allegations of impropriety, employees who are not reasonably able to remove documents from the premises without detection may present the information to in-house counsel or a compliance official, and ask that the documents be safeguarded.
Another possible tactic to avoid allegations of impropriety is for the employee to download materials to a memory disk or stick, and then tape such materials to the back of a cabinet or other nonvisible location, and then to inform the government of the location.
Finally, if a qui tam action is filed, the parties should seek a protective order at an early stage to avoid making any confidential or propriety documents public.
Attorney-client Protected Documents
Although not explicitly addressed by the cases cited above, taking and disclosing documents protected by the attorney-client privilege can open the whistleblower to sanctions.15
For documents even arguably subject to attorney-client privilege, neither the employee’s attorney nor the government should accept them without first having them reviewed by a taint team. In the event that the Department of Justice receives potentially privileged documents and is alerted to that fact, a taint team procedure should be followed.
Similarly, counsel meeting with an employee regarding a potential whistleblower case must inquire about the details of both the content and the origin of documents before reviewing them. In the event that the employee suggests that the documents may contain privileged materials, counsel must take great care not only to hire separate counsel for a taint review, but also to segregate and seal such documents when providing them to the government so that the government’s investigative team may see that they go directly to a taint team for review.
While it may seem outlandish to employers, Wisconsin is among the majority of states that allow merely single-party consent for purposes of making recordings.16 Thus, any employee who is party to a conversation may record that conversation, even if done covertly. However, an employee may not place a recording device in a location, such as a manager’s office, and record a conversation to which the employee is not a party. The theory that such recordings may violate an employer’s confidentiality agreement with its employees appears to be untested.
1 2013 WL 5304092 (N.D. Ill. Sept. 19, 2013).
2 Id. at *1 - *2.
3 Id. at *3.
4 Id. at *5.
5 Id. at *6.
6 2016 WL 2771798 (N.D. Ill. May 13, 2016).
7 Id. at *2.
8 Id. at *3.
11 Id. at *4.
13 Id. at *5.
14 45 C.F.R. § 164.502(j)(2013).
15 See, e.g., Walsh v. Amerisource Bergen Corp., 2014 WL 2738215 (E.D. Pa. June 17, 2014).
16 Wis. Stat. § 968.31 (2015-16).