Mark Zajac
November 16, 2010

Executive summary

The Sarbanes-Oxley Act of 2002 (SOX) is no longer limited to public organizations that file financial statements with the Securities and Exchange Commission (SEC). SOX has been undertaken successfully by many private organizations, including hospitals and not-for-profits. Over the years, this unprecedented corporate governance legislation has been adapted, to some extent, in its applicability as a best-in-class corporate governance methodology. Fully implemented, SOX addresses many aspects of corporate governance that are not applicable to the private sector, such as analyst conflicts of interest and, to some extent, auditor independence. There are, however, significant portions of the legislation that apply on a one-for-one basis to healthcare providers. The healthcare industry should look to these portions to serve as a corporate governance best practice.

This article will evaluate the applicability of SOX in the healthcare industry and provide the reader with a historical foundation of the law and best practices that can be applied within a provider setting.


It’s hard to believe it was over eight years ago, on July 30, 2002, when the most sweeping corporate responsibility and financial reporting legislation since the Great Depression was signed into law by President Bush. Senator Paul Sarbanes and Representative Michael Oxley crafted the Act and Congress delivered it to American business in an unprecedented timeframe in the wake of the Enron scandal.

The primary objective of SOX was to rein in corporate irresponsibility and restore investor confidence in big business. It also provided investors with a level of transparency never before imagined. In short, the days of using creative accounting techniques to misrepresent corporate profitability and financial position were over. Corporate America was introduced to an entirely new set of ideas, which included accountability, transparency, and independence.

For the uninitiated, SOX was far-reaching corporate legislation that affected everyone from financial executives and Board members to auditors and shareholders of public companies in the U.S. When I first heard of SOX, my initial reaction was that it was going to be expensive and companies were going to find creative ways to not do it, or do it the way they wanted. Well, I was 50 percent right. Companies did fully comply with it, and it was incredibly expensive.

Although the new rules were strict, enforceable, and, not to mention, expensive, no one will argue that SOX did not help corporate America achieve a level of accountability, transparency, and independence that was so desperately needed. Although the original law specifically catered to larger public companies known as “accelerated filers,” its applications and “spirit” to the private sector can no longer be discounted. Public companies with large amounts of public capital at stake were the primary audience of SOX. As the thinking goes, these were the organizations that had the most profound effect on the American public (the voting public, that is), since the public held, directly or indirectly, equity (or debt) stakes in these companies.

But what type of capital-at-stake does the healthcare industry hold? Most healthcare providers do not have stocks or bonds issued to the public, and most cannot be purchased for your 401k (or 403b) plan at work. Therefore, healthcare providers do not satisfy the definition of “too big to fail” and thus are not considered to be “at risk.” Keeping the aforementioned in mind, why should healthcare providers voluntarily comply with Sarbanes-Oxley? Easy. It’s what your stakeholders would want you to do, it is the right thing to do, and there are many benefits to following the best practices guidelines set forth within SOX.