Skip to main content

Standing exhibit · Adopted 2023-09-04 · Last reviewed 2025-10-22

Whistleblower policy.

If you see something wrong inside this company — clinical, financial, governance, or human — there is a way to say it that protects you. This policy is the way. It is short on purpose. Read it once, and know it exists.

How to report Code of conduct

1. Who this covers.

This policy applies to every director, officer, employee, contractor, vendor, validator institution employee, and clinical-network provider of Conceptual Healthcare Corporation and any Conceptual Health® property. It also applies to patients and their representatives who observe conduct described in Section 2 and choose to report it through these channels; we extend the same anti-retaliation commitment.

2. What you can report.

Anything you reasonably believe to be a violation of law, regulation, this policy, the Code of Conduct, or any other published company policy. Examples — non-exhaustive — include: patient-safety incidents; HIPAA or privacy breaches; falsified Master Equation™ inputs or HCRs; off-spec axis weighting; unauthorized validator-state changes; financial-reporting irregularities; insider trading; bribery, kickbacks, or anti-kickback (42 U.S.C. § 1320a-7b) violations; harassment, discrimination, or retaliation; coercion of clinical judgment; environmental, health, or safety violations; and any conduct involving moral turpitude by an officer or director.

3. How to report.

Choose any channel. Multiple channels are explicit; none is preferred over the others. The company commits to receiving a report on every channel within one business day.

  • Ethics line, operated by NAVEX — 1-800-CHC-ETHIC, 24/7, multilingual, web intake at navexglobal.com/CHC. Operated by an independent third party.
  • Compliance Officecompliance@conceptualhealth.com, monitored by the Chief Compliance Officer.
  • Audit Committee chairaudit-chair@conceptualhealth.com. Use this for any concern involving senior management or the integrity of financial reporting.
  • Patient Ombudspersonombuds@conceptualhealth.com. Independent of management; reports to the Trust Council.
  • Mail — Audit Committee, c/o Corporate Secretary, 720 Harbor Blvd, Destin, FL 32541. Mark "Confidential — to be opened only by addressee."

4. Anonymous reporting.

Anonymous reports are accepted on every channel above. The ethics line and the web intake do not require, and will not request, your name. We cannot follow up with you for additional facts if you do not give us a way to reach you; we strongly encourage but do not require contact. Reports submitted with a name are kept confidential, with disclosure only to the minimum necessary investigators and as required by law.

5. Anti-retaliation.

The company prohibits retaliation against any person who, in good faith, reports a concern through this policy, participates in an investigation, or refuses to participate in conduct they reasonably believe to be unlawful. "Retaliation" includes termination, demotion, suspension, threats, harassment, denial of advancement, undesirable reassignment, performance-rating changes, or any adverse action whose timing is materially correlated with the protected activity. Retaliation is itself grounds for termination of the retaliating employee, including officers.

6. What happens next.

Every intake is logged with a tracking number. Concerns are routed to the Compliance Office for triage; concerns implicating senior management or financial reporting are routed to the Audit Committee chair instead, with the Compliance Office walled off. The investigator commits to acknowledge receipt within five (5) business days, complete preliminary fact-finding within thirty (30) calendar days, and report a disposition (substantiated, not substantiated, or referred for further inquiry) within ninety (90) calendar days where practicable. Substantiated material findings are reported up to the Audit Committee and, where required, disclosed in our SEC filings.

7. External rights preserved.

Nothing in this policy, the Code of Conduct, your offer letter, your separation agreement, or any other company document limits your right to report directly and anonymously to a government agency — including the SEC under Dodd-Frank, OSHA, the EEOC, the DOJ, HHS-OCR, the FTC, or any state regulator — or to your own attorney. You do not need our permission and you do not need to report internally first. The company does not require, and will not enforce, any pre-dispute confidentiality clause that purports to bar such external reporting.

8. Bad-faith reports.

Reports made knowingly false or for an improper purpose (e.g., to harass a colleague, to gain personal advantage in an unrelated dispute) are not protected and may themselves be grounds for discipline. A report that turns out to be unfounded is not, by itself, a bad-faith report; the protection is for the act of reporting in good faith, not for being right.

9. Oversight and metrics.

The Audit Committee receives a quarterly report summarizing intake volume, channel mix, category distribution, time-to-disposition, and any retaliation findings. The Trust Council receives the patient-safety subset of this report on the same cadence. Aggregate metrics are published in our annual 1-K. We do not publish identifying details.