Print Page   |   Contact Us   |   Sign In
E-Briefings – Volume 16, No. 6, November 2019

Welcome to The Governance Institute’s E-Briefings!

This newsletter is designed to inform you about new research and expert opinions in the area of hospital and health system governance, as well as to update you on services and events at The Governance Institute.

Click here to download the full PDF version.

Healthcare Leaders Are Treating Symptoms of Reputational Risk, Not Causes

When a misstep or a mishap occurs in the delivery of care, it affects people’s lives and it invariably generates public attention—particularly in an era when social media enables small numbers of individuals to devastate corporate or institutional reputations. This article discusses why organizations that invest in reputation risk management as a strategic enterprise-wide risk, and not just a marketing problem, will see a return on investment through lower cost of debt capital, lower cost of operations, and overall enterprise health.

Read More

Collapse Article

By Nir Kossovsky, M.D., CEO, Steel City Re

Key Board Takeaways

  • Have processes in place to protect against reputational damage. Lawsuits against board members citing reputational damage have increased, as have forced board departures in the face of corporate controversies. It is board members and senior executives who will be held personally accountable—legally and in the court of public opinion.

  • Define the organization’s stakeholder groups and make sure you understand their expectations. Those definitions and expectations can change at any time, so this should continually be monitored.

  • Ensure reputation risk is managed by risk managers. Risk managers already work across organizational silos to identify, minimize, and protect against enterprise risks. Your risk managers should understand the peril’s sources, the potential costs, and the full spectrum of operational and financial strategic options to mitigate the losses from disappointed stakeholders.

  • Assess whether your organization is engaging in unrealistic, aspirational marketing. This can increase reputation risk. The more stakeholders expect, the greater the disappointment and anger arising from institutional failure.

  • Remember that marketing isn’t risk management. Marketing isn’t good reputation risk management nor reputation insurance, but good reputation risk management backed by reputation insurance is powerful marketing.

Healthcare is an industry everyone feels connected to and familiar with. When a misstep or a mishap occurs in the delivery of care, it affects people’s lives and it invariably generates public attention—particularly in an era when social media enables small numbers of individuals to devastate corporate or institutional reputations.

Reputation is a vital asset to healthcare organizations. It influences patients to seek services, professionals to supply labor, creditors to issue debt, philanthropists to donate, and regulators to apply a soft touch. Reputation also reflects on an institution’s leadership, in that reputation risks—the perils of economic damage from angry disappointed stakeholders—can become a personal matter for the C-suite and board.

But the pathophysiology of reputation risk is often misunderstood by directors and their healthcare institutions.

Reputation risk is not merely a peril of negative media, or more narrowly, a low ranking on U.S. News and World Report. Rather, it is a state of being where a gap exists between expectations and actual performance. It encompasses enterprise-wide operational and governance perils that should be treated by risk managers with board oversight. It requires carefully defining the organization’s stakeholder groups and understanding their expectations. It also requires recognizing that those definitions and expectations require constant monitoring and can change at any time.

One day, physicians are prescribing a fully FDA-approved medication with gusto; the next, you’re portrayed as partially to blame for a national addiction crisis. At some point, who the stakeholders were—and what they expected—changed. Addiction had become a crisis in America, opioids were part of it, and healthcare organizations and pharmaceutical companies found themselves in great reputational peril.

These are not situations that can be addressed with savvy marketing. Marketing is not risk management. Aspirational, feel-good marketing campaigns will not protect reputations from the hazard of angry, disappointed stakeholders whose expectations have not been met.

Investing institutional resources in treating a symptom of reputation risk—negative media coverage—without addressing the causes, actually puts reputations at further risk. In the corporate world, boards are learning this lesson the hard way. Nine out of 10 S&P 500 companies cite reputation as a material risk in their public filings, but most put the responsibility of reputation risk management into the hands of their marketing departments. The result: according to the Financial Times specialist service, “Agenda,” 25 complaints alleging, at least in part, board-level responsibility in connection with corporate reputational damage were filed or amended in federal court in the trailing 12 months from June 2019. Only six cases were filed in the preceding year.

Activist investors and plaintiffs’ lawyers know when stakeholders have had their expectations raised unrealistically—and corporate leaders are becoming the targets of these litigations and proxy fights. Healthcare leaders face those same risks.

Take for instance, the headline about colleagues across the pond: “Patients put at risk by ‘aggressive’ treatment at Great Ormond Street [Hospital]” (GOSH).1 It’s a headline any healthcare institution that values its reputation would dread. The exposé alleged that for seven years the “children’s hospital unnecessarily gave patients potentially dangerous drugs, subjected them to invasive tests, and wrongly diagnosed them with a rare allergy” and that its own “staff and other NHS medics believe the gastroenterology team over-investigates and over-diagnoses.” Three months later, the hospital was in the news again for diverting health service funds to pay for reputation management lawyers hired to respond to the previous story.2

But The Guardian’s exposé merely amplified the gap between stakeholder expectations and experience. By responding to the exposé, and not stakeholder expectations, the hospital’s media-centric marketing effort, and involvement of lawyers, surprised a wider range of stakeholders including donors and possibly regulators. This surprise—a response to an unexpected experience—triggered yet even more media amplification and a third exposé linking the hospital’s crises to other examples of charities questionably using funds in reputational crisis situations.

The situation GOSH found itself facing is one almost every healthcare delivery system today in the U.S. can appreciate. Patients expect high-quality care. A clinical team with the potential to go rogue can be a devastating shock to those expectations. If revenues sink as a result, the burden will be compounded by the cost of capital, separating personnel, renegotiated contracts, financial restructurings, and a decline in patients’ experience.

What’s necessary is not the kind of story a marketing team usually tells, but rather a story about governance, enterprise operations, and risk management. It is a story told through reputational warranties and defenses, such as bonds and insurance products with real risk transfer, based on third-party analysis of corporate systems, processes, and governance. The expressive value of such analysis and coverage, when underwritten based on sound principles, provides assurance that healthcare leaders and their provider system’s reputation is strong, resilient, and less likely to sustain serious damage from attacks. And it makes them less of a target to regulators and litigators.

Just as a doctor promotes the overall health of a patient by using knowledge of disease pathophysiology to treat the root causes, not just the symptoms, healthcare institutions that invest in reputation risk management as a strategic enterprise-wide risk, and not just a marketing problem, will see a return on investment through lower cost of debt capital, lower cost of operations, and overall enterprise health.

The Governance Institute thanks Nir Kossovsky, M.D., CEO of Steel City Re, for contributing this article. He can be reached at

1 Melanie Newman and Denis Campbell, “Patients Put At Risk By ‘Aggressive’ Treatment at Great Ormond Street,” The Guardian, April 14, 2018.

2 Jim Waterson, “Children's Hospital Spent £130,000 on ‘Reputation Management’ Lawyers,” The Guardian, July 24, 2018.

Board Best Practices for Assessing Strategic Options

The strategic and operating challenges facing hospital leaders have grown in complexity and acuity. Missing cues or deferring a critical conversation regarding strategic and operating risks, or the relevance and effectiveness of the organization’s strategic plan and performance to plan, can prove costly. This article discusses steps the board should take to develop, implement, and maintain a strategic plan in order to avoid strategic drift and adverse outcomes.

Read More

Collapse Article

By Gary Herschman, Esq., Member and Director, Epstein Becker & Green, and Jeffrey Sommer, M.P.P., Managing Director, Stroudwater Associates

Key Board Takeaways

Annually assess whether the organization is “on track” with its strategic plan. If it’s not on track, management should develop an action plan to address sources of variance or update the strategic plan.
Annually assess the organization’s strategic risk profile. If adverse changes are mounting, management should develop an action plan to address these risk factors.
Depending on the results of the above assessments, the organization may need to conduct a fresh assessment of its short-term and long-term strategic options:
  • Consider strategic options such as:

Continued independence, with a robust plan to address “gaps” in performance
Partnering, with a focus on addressing needs to enable the organization to survive so that it can achieve its mission into the future
Alternative strategies to access specific benefits to improve strategic position
  • Develop a set of strategic objectives to guide the review of alternative options, given identified risks and performance gaps.

  • Don’t wait until there is unanimous board agreement that “something must be done” to explore strategic options—the best time is when you do not have a pressing need to do so. Otherwise, you will have less leverage to achieve favorable terms and to preserve your mission.

  • Keep in mind that very few organizations can afford to pursue a “status quo” option. Dynamic and transformative changes in payment, technology, consumerism, regulatory schemes, and competitive forces, including new entry by large, well-capitalized market disruptors, each pose significant risks, and together present extremely formidable challenges that must be fully considered and carefully addressed.

For healthcare organizations with depleted balance sheets, deteriorating operating performance, and compromised market position, today’s industry environment is unforgiving. At the same time, the strategic and operating challenges facing hospital leaders have grown in complexity and acuity. Missing cues or deferring a critical conversation regarding strategic and operating risks, or the relevance and effectiveness of the organization’s strategic plan and performance to plan, can prove costly.

These issues lie at the intersection of governance and management. To avoid strategic drift and adverse outcomes, the board must approve the development of a strategic plan, ensure its implementation, monitor its continued effectiveness, and in so doing, identify, analyze, and respond to enterprise and operational risks. Yet, all too often hospital and health system boards fail to re-evaluate their long-term strategy regularly, monitor their performance to plan, or assess how the organization’s risk profile has evolved. If the board is not performing these key roles annually, it is easy to miss critical cues regarding mounting strategic risks and growing variances to plan in the quickly evolving and highly competitive healthcare marketplace.

Key Steps When Revisiting the Strategic Plan

The first step in evaluating a strategic plan, performance to plan, or a hospital/health system’s risk profile is to develop a common fact base. Charging the strategic planning committee with overseeing this work is sound practice. The strategic planning committee should convene on a quarterly basis to monitor this work throughout the year. Once or twice per year, as circumstances warrant, the committee should report to the board to identify perceived challenges/issues and proposed responsive action items (options) for board consideration.

The common fact base should provide relevant operating, financial, clinical, and market data and findings available to provide the information necessary to make informed decisions. Ideally, long-term trends should be analyzed to reveal changes that may not be readily apparent when comparing year-over-year results.

Gaps from necessary levels of performance on quality, cost, financial, and operating metrics should be noted and evaluated. If the execution or the effectiveness of the organization’s strategic plan is in doubt, or if there have been notable adverse trends in the organization’s risk profile over the most recent five years, then it is critical to reassess the organization’s strategic options.

The perspectives of key stakeholders should be gathered to ensure that an appropriate range of perspectives and insights are heard by the board. These perspectives, coupled with findings developed from the common fact base, will inform development of a set of strategic objectives—both short-term and long-term—for the organization. These objectives guide board decision making and will help leadership evaluate alternative strategic options by considering (among other things) the following questions:

  • What is the extent of the gap between current performance and the threshold of performance required to attain our strategic objectives?

  • Which strategic option will best enable the organization to achieve its strategic objectives, and thereby survive and thrive so that it can sustain its mission into the future?

There is no risk-free option available to hospitals and health systems. For example, a partnering strategy introduces partner risk: is the partner truly strategically aligned and will they deliver on their commitments? On the other hand, remaining independent (as a solo hospital or small health system) usually requires substantial capital and entails multiple challenging execution risks due to the dynamic and constantly changing competitive environment. Defining the options and evaluating the trade-offs are the core components of a strategic options analysis.

Moving Forward Despite Uncertainty

The current environment of industry-wide transformation involves a significant level of uncertainty. There likely will be aspects of each strategic option, as well as associated risks and benefits, that are unknowable. Adhering to a disciplined, well-reasoned exploration process, gathering available facts and stakeholder perspectives, and gaining insight into key market and organizational trends are all essential in fulfilling the board’s fiduciary role; however, there is no set of analyses and findings that will remove all risk and uncertainty from board decision making.

Because time is never a neutral factor, waiting for unanimity around the board table or certainty that a strategic direction is “absolutely right” can be a dangerous approach. Annual assessment of the organization’s risk profile, strategic plan, and performance to plan provide an essential set of tools for the board grappling with uncertainty and risk. Based on the results of these assessments, an organization can determine whether it is time to re-evaluate its strategic options.

The Governance Institute thanks Gary Herschman, Esq., Member and Director, Epstein Becker & Green, and Jeffrey Sommer, M.P.P., Managing Director, Stroudwater Associates, for contributing this article. They can be reached at and

The “Discriminating-Patient Paradox”: Policies for Addressing Patients with Discriminatory Physician Preferences

Healthcare entities are generally aware of their obligations not to discriminate against patients or their employees. However, patients also may have discriminatory biases when it comes to their healthcare providers, and the legal risks associated with this type of discrimination are becoming more pressing. This article highlights three policy approaches for addressing this issue and considers the associated benefits and risks, with legal and business practicality in mind.

Read More

Collapse Article

By Anna Timmerman, Partner, Dawn Stetter, Counsel, Zoe Simon, Associate, and Michael Paluzzi, Associate, McGuireWoods, LLP

Key Board Takeaways

The board and management must work together to support medical staff and establish clear policies against discrimination. The following is a list of key takeaways for boards to consider when addressing the discriminating-patient paradox:

  • Establish training for medical staff to recognize discriminatory behaviors and to react properly, whether through a top-down, bottom-up, or (almost) zero-tolerance model.

  • Have management engage with patients to understand their justifications for discriminatory behaviors.

  • Set guidelines for management to restaff or to counsel patients on the benefits of staying with their current attending physician or other provider.

  • Understand the legal framework that governs employment discrimination through continuing education, and be sure that the compliance officer understands these concepts.

  • Encourage open dialogue and include medical staff on policy improvement teams.

Healthcare entities are generally aware of their obligations not to discriminate against patients or their employees. However, patients also may have discriminatory biases when it comes to their healthcare providers, and the legal risks associated with this type of discrimination are becoming more pressing. According to a 2017 survey, 59 percent of physicians received offensive comments from patients about the physician’s personal characteristics.1 These situations create difficult decisions for healthcare entities, especially in a regulatory regime that may condition some Medicare reimbursement on positive patient satisfaction. Providers who adjust staffing to comply with patients’ discriminatory preferences may risk litigation but save their ratings; providers who refuse to comply may mitigate litigation risk but could sacrifice ratings. This creates, what we call, the “discriminating-patient paradox.”

This article highlights three policy approaches for addressing this paradox and considers the associated benefits and risks, with legal and business practicality in mind.

How the Law Considers Patient Preferences and Discrimination

Employment discrimination is governed by various federal and state laws, including, for example, Title VII of the Civil Rights Act of 19642 and the Age Discrimination in Employment Act. Generally speaking, these statutes require a plaintiff alleging discrimination to prove two elements: 1) discriminatory intent on the part of the employer and 2) an adverse employment action.3 In some instances, employers might argue that they should be able to make decisions based on an individual’s protected characteristics because such decisions are reasonably necessary for business operations. The Equal Employment Opportunity Commission (EEOC) (the agency responsible for overseeing federal employment discrimination laws) recognizes this so-called “bona fide occupational qualification” (BFOQ) defense and has issued regulations surrounding its use.4 The BFOQ defense exception, however, is narrow5 and customer preferences do not support a BFOQ defense.6 The healthcare context is unique, though, which may lend for a more robust application of the BFOQ defense.7 For example, a patient may have justifiable reasons to express concern about his/her physician’s protected trait for reasons related to safety or privacy (e.g., a female patient may prefer a female OB/GYN). Still, complying with such a request can be a form of employment discrimination. Simply put, the law is vague, and its application to the discriminating-patient paradox is not cut and dry. Rather, addressing these issues requires an adept management team to consider all angles of patient preferences on a case-by-case basis.

Trying to Solve the Discriminating-Patient Paradox

There are dangers associated with focusing too narrowly in this context. While the above analysis may suggest a simple solution—adapt when safety or privacy are implicated, otherwise refuse—these decisions do not exist in a legal vacuum. Physician culture is well aware of matters regarding patient preferences,8 thus placing relevant administrative policies under the microscope. Providers should consider all possible policies to best mitigate risk while maintaining patient-centered care.

Policy 1: The Top-Down Approach

In a top-down approach, leadership directs whether the entity will comply with patient preferences. While this model aligns with traditional business strategy, it creates obvious vulnerabilities.9 Cutting physicians out of the decision-making process creates significant physician employment discrimination litigation risk. However, this approach is not without value. It may be necessary in situations where streamlining is crucial, like when a patient presents with emergent needs or safety is otherwise implicated. It also removes the blurred line associated with other approaches, which favor a case-by-case determination of need.

Policy 2: The Bottom-Up Approach

In a bottom-up approach, leadership does not dictate compliance but rather motivates physicians to work together to make necessary coverage adjustments for the betterment of the patient, which are then communicated up to management. This model mitigates risk of litigation by removing the potential adverse employment action from the hands of the employer. Moreover, this approach supports clear communication between management and physicians. However, physicians may not efficiently make adjustments, if at all, in the face of discrimination. This approach requires robust training and aligned perspectives between management and physicians, otherwise it risks creating a culture of pressure on physicians to voluntarily comply with discriminatory orders, which both decreases morale and signals to courts that this may be a disguised top-down approach, thus eliminating any benefits associated with passing the decision-making power to physicians.

Policy 3: The (Almost) Zero-Tolerance Approach

An (almost) zero-tolerance policy can take two forms. First, a provider could acknowledge a patient’s discriminatory preference and counsel him/her on finding care elsewhere. Second, a provider could disregard the preference and continue care. This hardline policy has physician support but increases the risk of poor patient satisfaction ratings and must include some limited flexibility, which can be difficult to balance and may need to be cleared with physicians.10 Management would need to weigh the business and legal risks. Note that any policy that contemplates transferring patients to another provider must consider whether any laws, like patient self-referral laws, etc., restrict such actions.

Key Takeaway: No One-Size-Fits-All Approach

The issues associated with the discriminating-patient paradox are complex, and no one policy solves the problem. Many practices would likely benefit from a hybrid policy, one which employs each approach under different circumstances.

Regardless of the approach used, the goal is to strengthen the relationship between management and medical staff to prevent discrimination that impedes providers’ mission of patient-centered care. To encourage this kind of partnership, management should 1) maintain constant communication with physicians to gauge perspectives, 2) require training and mandatory reporting on discriminating patients and always thoroughly investigate patients’ reasons for refusing care from a particular physician, 3) take a proactive approach, and 4) seek counsel from an attorney for further guidance on the legal and practical effects of any policy or decision.

The board’s role in circumstances of discrimination is to set policies and oversee their efficacy, and it is management’s role to implement those policies. Consequently, the board must regularly engage with management on the entity’s anti-discrimination efforts and maintain an open dialogue to ensure policy compliance and effectiveness. The board should receive regular compliance updates regarding 1) the occurrence of a discriminating patient, 2) how medical staff or management responded to said occurrence, 3) legal changes that affect the possibility of restaffing (e.g., justifications related to privacy and security), and 4) management and medical staff’s reaction to internal discriminating-patient policy. An open discussion among the board, management, and medical staff will not only strengthen the policy, but also unite these levels of leadership.

The Governance Institute thanks Anna Timmerman, Partner (Chicago,, Dawn Stetter, Counsel (Chicago,, Zoe Simon, Associate (Washington, D.C.,, and Michael Paluzzi, Associate (Chicago,, at McGuireWoods, LLP for contributing this article. The information provided in this article does not, and is not intended to, constitute legal advice; instead, all information in this article is for general informational purposes only. Readers should contact their attorney to obtain advice with respect to any particular legal matter.

1 Bob Tedeschi, “6 in 10 Doctors Report Abusive Remarks from Patients, and Many Get Little Help Coping with the Wounds,” STAT, October 18, 2017.

2 Title VII protects against discrimination on the basis of race, color, sex, religion, and national origin. This article does not address patient discrimination with respect to a physician’s possible disability, which would be governed in part by other laws.

3 This is a diluted version of the standard McDonnell Douglas framework: McDonnell Douglas Corp. v. Green, 411 U.S. 792 (1973). The difficulty with applying this framework here is that the patient expresses discriminatory intent, but the employer takes action. The consensus is that when an employer complies with a customer’s clear discriminatory intent, it shares in that intent for the purpose of this analysis. While this may incentivize employers to inquire less robustly into the intent of patients when stating preferences, best practice is always to inquire thoroughly.

4As noted, there are state laws that prohibit employment discrimination as well, but not all states may recognize the existence of a BFOQ defense and so results may differ under state law.

5 Dothard v. Rawlinson, 433 U.S. 321, 333 (1977). The BFOQ defense only extends to certain types of discrimination and generally does not include race.

6 29 C.F.R. § 1604.2(a)(1)(iii),(2).

7 The EEOC often cites safety, privacy, and authenticity as the prevailing supports for accepting customer preferences. Consider a patient who has suffered sexual abuse by someone of a particular sex and doesn’t want a physician of that sex. While discrimination against a particular sex would be unsupportable, this situation may transcend that standard.

8 As evinced by the recent #WhatADoctorLooksLike social media movement.

9 See Chaney v. Plainfield, 612 F.3d 908 (7th Cir. 2010) (in which a black certified nursing assistant was prohibited from caring for a white resident, and the nursing facility was found to have violated Title VII).

10 Physicians may support a zero-tolerance policy because it is a hard line against discrimination and indicates that a provider supports and appreciates its physicians by not tolerating patients’ discrimination towards them. See, e.g., Paula S. Katz, “Doctors-in-Training Dealing with Discrimination,” ACP Internist, April 2017. Patients may be more willing to accept the physician they receive if they understand the entity won’t tolerate any discriminatory intent.