Most healthcare and life sciences companies do not set out to create whistleblowers. Yet many do, often without realizing it. What begins as an internal concern can evolve into something much larger if it is not handled carefully. A question about billing, a concern about a physician relationship, or an issue raised through a compliance channel may seem manageable at first. But once that concern leaves the organization, it can take on a very different character

While many healthcare and life sciences enforcement actions are initiated by regulators, most investigations actually start internally—with a complaint, a billing question, or a concern that something does not look right. The challenge for many organizations is not whether an issue exists. It is deciding what to do next.

The Columbia / New York-Presbyterian Hospital investigation illustrates how organizational culture can shape whether warning signs are surfaced or suppressed. Healthcare organizations operate in complex and highly regulated environments. Ensuring that employees feel empowered to raise concerns—and that those concerns are taken seriously—is one of the most effective ways to identify risks early and prevent harm before it occurs.

On February 12, 2026, the American Health Law Association published Dennis Sapien-Pangindian's bulletin, “Information Blocking Enforcement on the Horizon: Compliance Considerations Under the 21st Century Cures Act." In the bulletin, Mr. Sapien-Pangindian examines the rapidly evolving enforcement landscape surrounding the federal information blocking framework.

For healthcare providers, suppliers, and businesses, few penalties are as devastating as exclusion from Federal healthcare programs. When the HHS Office of Inspector General (HHS-OIG) excludes an individual or entity, they are barred from participating in Medicare, Medicaid, and other federal health programs. This not only cuts off a vital revenue stream but can also damage reputation and cripple operations.

After years of regulatory developments, enforcement is finally on the horizon for information blocking. On September 3, 2025, the U.S....

It’s a moment no business owner wants: a federal agent at the door, a subpoena in hand, or a call from in-house counsel announcing an internal audit that could reveal serious problems. Whether it’s the Department of Justice, the SEC, a state attorney general, or simply your own compliance team uncovering red flags, knowing what to do next is critical.

Discovering potential misconduct in your organization is never easy—but knowing what to do next can make all the difference. Whether you’re an executive, compliance officer, or legal counsel, a critical question follows: How—and to whom—should we report compliance violations?

The 2025 National Healthcare Fraud Takedown was a sweeping enforcement action resulting in charges against 324 defendants across across 50 federal districts and 12 State Attorneys General’s Offices, linked to over $14.6 billion in fraudulent billings to Federal healthcare programs. this takedown offers valuable lessons for compliance professionals tasked with protecting their organizations.

Whistleblower complaints can be uncomfortable. They often raise questions about leadership, culture, or internal controls—and can involve sensitive or high-stakes issues like fraud, harassment, discrimination, or regulatory violations. But how your company handles whistleblower complaints says a lot about its values—and has real legal and reputational consequences.

Internal investigations are one of the most powerful tools companies have to detect, address, and remediate potential misconduct. But they also come with legal risks—especially when it comes to protecting privileged communications.

One of the most powerful tools in a company’s compliance and risk management arsenal is the internal investigation. Handled well, an internal investigation can uncover the facts, preserve trust, mitigate liability, and help the organization move forward. Handled poorly—or delayed too long—it can create legal exposure, reputational damage, and regulatory scrutiny.

Regulators, customers, and business partners increasingly expect companies to show that they not only have a compliance program on paper, but that they have a culture of compliance—one where employees understand the rules and feel empowered to apply them in practice. Training is one of your best tools to build that culture. But to be effective, it must go beyond the basics.

The challenge for smaller businesses is: who owns compliance? You may not have the budget or headcount for a full-time Chief Compliance Officer. But regulators, customers, and partners still expect you to have a credible compliance program.

A strong compliance program is designed to protect your company from legal risk, financial penalties, and reputational harm. But even the best-intentioned organizations can develop compliance gaps—places where policies are ignored, controls are weak, or misconduct goes undetected. Here are some of the most common red flags that your company may have compliance gaps—and what you can do about them.

Compliance is more than just a legal buzzword—it’s a practical, essential part of running a modern business.