1.1. This Policy on Reporting and Responding to Compliance Issues (this “Policy”) applies to all Personnel of ICU Medical, Inc., and its subsidiaries (“ICU Medical” or the “Company”) and sets forth the duties and responsibilities of ICU Medical Personnel to report and raise Compliance Issues. This Policy also articulates ICU Medical’s commitment to prohibit retaliation against or intimidation of any ICU Medical Personnel who reports or raises, in good faith, a Compliance Issue or who provides information for an investigation or investigates such matter. This Policy also describes ICU Medical’s process for responding to a report of a potential Violation, including processes for tracking, investigating, and taking disciplinary actions, corrective actions and other remedial actions for each matter, as appropriate.
2.1. For purposes of this Policy, these terms have the following meanings:
2.1.1. “Compliance Issue” includes any question, concern or issue related to ICU Medical’s Code of Conduct and Business Ethics (the “Code”), ICU Medical’s policies and procedures, ICU Medical’s financial accounting, internal controls and auditing practices, and applicable laws, regulations and industry guidelines.
2.1.2. “Disclosure Program” means ICU Medical’s program enabling and encouraging ICU Medical Personnel to report and raise Compliance Issues and disclose any potential Violations, including through ICU Medical’s Anonymous Reporting Hotline.
2.1.3. “ICU Medical Personnel” includes ICU Medical officers, directors and full-time, part-time, temporary, and contract employees of ICU Medical.
2.1.4. “Violation” means an act or omission that violates the Code, ICU Medical’s policies and procedures, ICU Medical’s financial accounting, internal controls and auditing practices, and applicable laws, regulations and industry guidelines, including any act or omission that may put ICU Medical at risk for regulatory or compliance scrutiny, or legal action.
3.1. This Policy is applicable to all ICU Medical Personnel. In addition, ICU Medical strongly encourages third parties, including vendors and contractors of ICU Medical, to report and raise Compliance Issues.
4.1. Reporting Responsibilities
4.1.1. ICU Medical Personnel are responsible for promptly reporting and raising any Compliance Issues.
4.2. Culture of Compliance
4.2.1. All ICU Medical Personnel who have supervisory or management responsibilities and/or are members of Human Resources, Finance, or the ICU Medical Legal department are expected to foster a culture of compliance and ethics; create a culture that enables ICU Medical Personnel to comfortably report and raise any Compliance Issues; and keep an “open-door” policy to encourage ICU Medical Personnel to report and raise any Compliance Issues.
4.3. Prohibition Against Retaliation
4.3.1. ICU Medical does not permit retaliation against or intimidation of any ICU Medical Personnel who has reported or raised, in good faith, any Compliance Issues or any ICU Medical Personnel who provides information in an investigation or investigates any potential Violation.
4.4. Oversight by the Audit and Compliance Committee
4.4.1. The Audit and Compliance Committee of the Board of Directors of ICU Medical (“Audit and Compliance Committee”) is responsible for oversight and governance of compliance-related matters, including oversight over ICU Medical’s Disclosure Program and ensuring prompt and appropriate responses to potential Violations. The ICU Medical Compliance Officer who has operational control over the Disclosure Program is subject to oversight by the Audit and Compliance Committee.
5.1. Reporting Process
18.104.22.168. By calling ICU Medical’s anonymous and confidential toll-free reporting hotline (“ICU Medical’s Anonymous Reporting Hotline”) at 1-844-330-0007;
22.214.171.124. By email to firstname.lastname@example.org (must include Company’s name in the report);
126.96.36.199. By web submission at https://www.lighthouse-services.com/icumed or at https://www.lighthouse-services.com/icumed/incidentLandingPageV3-WorldwideEnglish.asp;
188.8.131.52. By contacting a direct supervisor, a direct supervisor’s manager, a member of Human Resources, the ICU Medical Legal department or Finance, or such other ICU Medical Personnel with whom they feel comfortable consulting; and
184.108.40.206. ICU Medical Personnel located in EU shall be subject to local applicable laws and their use of ICU Medical’s Anonymous Reporting Hotline should be in accordance with any related privacy notices that may be provided by ICU Medical, Lighthouse-Services or otherwise.
5.1.2. ICU Medical discourages the use of social media for reporting or raising any Compliance Issues.
5.1.3. ICU Medical shall publicize the existence of the Disclosure Program, including ICU Medical’s Anonymous Reporting Hotline, via periodic e-mails to ICU Medical Personnel, posting information on ICU Medical’s infonet, posting information in facility common areas, through references in the Code, during compliance training and other means, as appropriate.
5.1.4. All ICU Medical Personnel who receive a report of a Compliance Issue, whether verbally or in writing, are required to communicate such report to the Compliance Officer or Compliance Officer’s designee.
5.1.5. To the extent allowed by law and as appropriate, ICU Medical shall protect the identity of individuals who request anonymity when reporting a Compliance Issue.
5.2. Receipt of Reports
5.2.1. All reports of Compliance Issues through all reporting channels shall be reviewed by the ICU Medical Compliance Officer or the ICU Medical Compliance Officer’s designee.
5.2.2. Upon receipt of a report, the ICU Medical Compliance Officer or ICU Medical Compliance Officer’s designee shall review the report to determine whether further review or investigation should be conducted. The ICU Medical Compliance Officer or the ICU Medical Compliance Officer’s designee shall ensure that all substantiated reports of a potential Violation will be investigated.
5.2.3. If a report concerns a Compliance Issue involving an ICU Medical officer or director, the ICU Medical Compliance Officer or the ICU Medical Compliance Officer’s designee shall provide a summary of the report to the Chairperson of the Audit and Compliance Committee. The Chairperson of the Audit and Compliance Committee may engage outside experts to assist with review, investigation or other actions, as appropriate.
5.3. Investigation Process
5.3.1. The ICU Medical Compliance Officer or the ICU Medical Compliance Officer’s designee shall initiate and oversee, with the assistance of Human Resources, Finance and the ICU Medical Legal department, all investigations, as necessary and appropriate.
220.127.116.11. Each matter shall be referred to the appropriate department within ICU Medical to investigate or assist with investigations, as appropriate. For example:
(a) Reports involving employment/workplace issues shall be sent to Human Resources;
(b) Reports involving accounting/financial issues shall be sent to Finance/Internal Audit; and
(c) Reports involving manufacturing issues shall be sent to Regulatory.
18.104.22.168. Outside experts, including accounting experts, can be brought in, as needed and appropriate.
22.214.171.124. Depending on the facts and circumstances, including nature and severity of the potential Violation, the ICU Medical Compliance Officer or the ICU Medical Compliance Officer’s designee shall consider using the Legal department and/or outside legal counsel to assist in conducting an internal investigation under attorney-client privilege.
5.3.2. The nature and scope of the investigation will vary according to the facts and circumstances, but each investigation should be sufficiently detailed to identify the root cause of the concern.
5.3.3. Investigations shall be treated in as confidential a manner as appropriate under the circumstances.
5.3.4. All ICU Medical Personnel shall fully cooperate with all compliance investigations and keep the fact that the investigation is being conducted as well as anything discussed confidential.
5.4. Remedial Actions
5.4.1. Disciplinary Actions
126.96.36.199. If the ICU Medical Compliance Officer or the ICU Medical Compliance Officer’s designee, in consultation with the ICU Medical Legal department, as appropriate, determines that ICU Medical Personnel has committed a Violation, in consultation with Human Resources, ICU Medical shall take all appropriate disciplinary action up to and including termination, such as coaching or training; oral or written warning; suspension; demotion; reduction in compensation; and termination.
188.8.131.52. The severity of the disciplinary action will depend on the facts and circumstances, including:
(a) The nature and severity of the Violation;
(b) The authority of the individual involved;
(c) The individual’s history with respect to compliance;
(d) Whether the individual self-reported the conduct; and
(e) Whether the individual cooperated with the investigation.
5.4.2. Corrective Actions
184.108.40.206. If the ICU Medical Compliance Officer or the ICU Medical Compliance Officer’s designee, in consultation with the ICU Medical Legal department, as appropriate, determines that there has been a Violation, ICU Medical shall take all appropriate corrective actions to correct any deficiencies and prevent similar future Violations, including conducting compliance training, implementing formal corrective action plans and such other appropriate measures to improve or modify performance, processes, or policies and procedures.
220.127.116.11. Business, as appropriate, shall consult with the ICU Medical Legal department to develop and implement appropriate corrective action plans, which shall be reviewed, approved, and monitored to completion by the ICU Medical Compliance Officer.
5.4.3. Additional Remedial Actions
18.104.22.168. ICU Medical may take such other remedial actions, as appropriate.
22.214.171.124. If the ICU Medical Compliance Officer, in consultation with the ICU Medical Legal department, determines that there has been a Violation of law, ICU Medical shall take remedial actions, including reporting to the governmental and regulatory authorities, as appropriate.
5.5. Prohibition on Retaliation
5.5.1. ICU Medical Personnel may not be discharged, demoted, suspended, threatened, harassed or discriminated against for reporting and raising, in good faith, any Compliance Issues, or for providing information in an investigation or assisting in investigating a potential Violation.
5.5.2. Any ICU Medical Personnel who believes retaliation or intimidation is occurring or has occurred must report the concern promptly.
5.5.3. Any ICU Medical Personnel who engages in retaliation or intimidation in violation of this Policy shall be subject to disciplinary action, as appropriate.
5.6. Reporting to the Audit and Compliance Committee
5.6.1. On a quarterly basis, the ICU Medical Compliance Officer or the ICU Medical Compliance Officer’s designee shall provide a summary report of Compliance Issues, including numbers and types of Compliance Issues reported through all reporting channels, numbers of non-substantiated and numbers of investigated matters, status of investigations, and disciplinary, corrective and other remedial actions taken, to the Audit and Compliance Committee.
5.7.1. The ICU Medical Compliance Officer or the ICU Medical Compliance Officer’s designee shall maintain documentation regarding all reported Compliance Issues, including the following:
126.96.36.199. Log of all reports of Compliance Issues through all reporting channels, including status and disciplinary, corrective or other remedial actions;
188.8.131.52. Scope, findings, and recommendations of investigations;
184.108.40.206. Any work papers, interview notes and other documents generated as part of an investigation; and
220.127.116.11. Any records that are attorney-client privileged, in secure fashion.
6.1. ICU Medical shall maintain all documentation required under this Policy in its records for a period of no less than four (4) years.
7.1. This Policy, together with supporting documentation and records required by it, is subject to periodic auditing and monitoring.
8.1. Any exceptions to the requirements of this Policy must be approved by ICU Medical’s Compliance Officer.