Wednesday, September 5, 2007

Dealing with Whistleblowers 2

eHealthRisk Blog reader Kim Sanders-Fisher posted a lengthy comment on my previous post Dealing with Whistleblowers concerning her own personal experience as a whistleblower at a prestigious US hospital. Her comment suggests that my assertion, that every health care organization should put a reporting system in place that allows staff to report safety, privacy and other risk issues without fear of retribution, was somewhat simplistic.

In a perfect world we would encourage and thank people who report matters that compromise the safety and wellbeing of patients and health care workers. In reality, the world is much more complex and, often times, nasty. We continue to live in a blame-oriented culture that would much prefer to kill the messengers (i.e. whistleblowers) than to accept that our organizations and the people who run them are less than perfect.

Unfortunately, even whistleblowing programs and protections that are in place in progressive organizations are easily subverted by low, middle and senior managers who have a vested interest in maintaining the status quo, even if the status quo poses risks to patients and others. Its too easy to blackball someone, making their life miserable, in the hope that they will just go away.

Quis custodiet ipsos custodes? (Who guards the guardians?) Its sad that those in positions of authority in many organizations will tend to act in their own self-interest and the interests of the organization, rather than in the interests of patients.

I am coming to the conclusion that we must implement independent mechanisms such as the Aviation Safety Reporting System to address risk issues in health care, including safety, privacy and security issues associated with eHealth such as security deficiencies, software and other technology errors and poor human factors engineering. This would include the many systemic and organizational issues that will arise as health care providers us eHealth tools to deliver health care.

I'm waiting to hear about a positive whistleblower experience. One where the whistleblower was acknowledged and thanked for taking a personal risk to protect the interests of the patients they were caring for.

I'm not holding my breath.


Anonymous said...

More common approaches to risk management and setting risk tolerances would go a long way towards identifying when a whistle blower has a legitimate risk concern vs. a personal grievance.

An organization may be doing an activity that they feel posses an acceptable risk and is within the organization's risk tolerances, yet from another's perspective the activity could be considered too risky.

At this stage, who is right? In terms of privacy risk, our privacy commissioners mold tolerances through reviews, orders and publicly expressed opinions.

I would be interested in how other readers temper their organizational risk tolerances, for the various risk areas, and what guidance they use.

Kim Sanders-Fisher said...

I had not meant to suggest that the basic concept of all internal reporting systems was not valid, just that it requires greater scrutiny and stringent safeguards that do not exist today with “Risk Management” and Compliance Lines. These systems have been hijacked by Corporate interests to the point where in some cases Risk Management merely protect Managers from the risk posed by outspoken employees and Compliance Hotline just act as an early warning system of potential external reporting. The very existence of a Compliance Line allows an institution to be trusted with self policing and receive reduced penalties for serious infractions. There are huge implications in terms of complete lack of accountability when these internal policing departments are corrupted to serve financial interests. If these systems are to have any beneficial merits at all they require much stricter regulations regarding how they function and how their mandate to protect employees from retaliation is interpreted to encourage transparency and safe reporting. On my Blog I have posted a suggested list of Compliance Line regulations that might have prevented the corrupt handling of my own case, go to:

I do not have great computer skills, but I believe that safe reporting could be possible via a specialized computer program. I came to this conclusion following a negative experience at my former Hospital that was handled in a very positive way. I wrote a letter that was handed to the Dean and became the catalyst for an initiative to identify problems in the OR via the participation of six separate multidisciplinary teams. These teams met once a week for months in an effort to “Create a Perfect Day in the OR.” We produced a one inch thick ring binder of suggestions, but, after holding an OR Retreat at the Inner Harbor in Baltimore in 1997, the project was abandoned without explanation. OR employees felt jaded and exploited when all our hard work produced little more than an elaborate wall exhibit to fool JCAHO inspectors on one of their meticulously choreographed scheduled visits!

That was when the changes in Management signaled a massive shift in priorities and our work environment became a lot more toxic. Instead of solving problems and eliminating frustrations, we were expected to function grossly understaffed. I remained outspoken in a very proactive and positive way, but I was a thorn in the side of new Management until they removed me several years later. Having provided the catalyst for this initiative in the first place, a simply letter of commendation from the Dean for my efforts was not enough; I wasn’t ready to just give up on the project. The real limitation that destroyed the OR Retreat initiative was Managerial sabotage; the initiative threatened the absolute power of Management so it was cancelled. I know that any similar project will suffer a same fate while decision making is still dominated by bloated top heavy Management, but sooner or later the Healthcare industry must scale back on their ludicrous overabundance of Management personnel as it is crippling the safe delivery of patient care.

I thought that the multidisciplinary teams were an excellent idea, but I wanted to see more of a “Think Tank” approach than the standard committee model. What had been absent from the original initiative was the opportunity for an even broader cross-section of the workforce to participate and I believed this could best be accomplished via a data entry program on computer. What I think is needed is a type of electronic suggestion box where everything from new products to patient safety issues can be identified by an employee sitting at a consul answering a series of on-line questions in an anonymous format. Unfortunately I did not posses the programming skills necessary to actually create such a program so it remains a purely hypothetical solution. However, I was very encouraged by the participatory successes and the enthusiasm of our earlier efforts and I believe the concept is still valid.

This concept was presented to the Dean as a follow on from the success of our Retreat, but it went nowhere. I have fine tuned my description of the idea which I gave the inclusive name the “ Kaleidoscope of Innovative Momentum” it can be viewed via this link:
I hope you will review the information presented at the above link and evaluate the practicalities of creating this type of data entry program. If only I could persuade my former Hospital to fully endorse and implement an idea that once showed so much promise to those of us working in the OR at that iconic institution, what a triumph. But I doubt that the Management could ever let go of their campaign of fabricated accusations for long enough to take such a potentially beneficial program on board. Despite all that they have done to defame me, they are more than welcome to it. Shame; their loss!

Michael Martineau said...

It would be interesting to examine how transportation accidents and incidents (trains and planes, for example) are reported and acted upon. It is my understanding that there is a system and process in place in which there is a mandatory reporting requirement for each and every accident/incident. Further, I believe that people who have knowledge of an accident/incident can report this knowledge to a 3rd party for investigation without retribution. Anyone have any further insight into this process?

Michael Martineau
eHealth Practice Lead
Branham Group Inc.

Brendan Seaton said...

To Michael's question... the link in the main post to the Aviation Safety Reporting System takes you the the US Reporting system run by NASA. It provides a good description of the program. Canada has a system called Securitas run by the Transportation Safety Board of Canada. URL is