Whistleblower protections in Brazil’s healthcare sector: legal frameworks and global comparisons

Thursday 4 December 2025

Anderson Ribeiro
Souto Correa, São Paulo
anderson.ribeiro@soutocorrea.com.br

Paulo Rosito
Souto Correa, São Paulo
paulo.rosito@soutocorrea.com.br

Introduction

In the life sciences and healthcare industries, compliance is critical to safeguarding public health and corporate integrity. As global enforcement intensifies, Brazil has taken steps to strengthen its whistleblower protection framework, notably through the enactment of Decree No. 10,153/2019. This Decree aims to encourage the reporting of misconduct within the federal public administration, including healthcare-related fraud, by protecting the identity of whistleblowers.

Despite its promise, the Decree has yet to produce publicly known cases in the healthcare sector, raising questions about its practical effectiveness and cultural acceptance.

Decree No. 10,153/2019: legal foundations

Enacted in 2019, Decree 10,153 provides mechanisms for protecting whistleblowers who report irregularities within the federal public administration. The key features of the Decree include:

  • anonymity and identity protection: reports can be submitted anonymously, with the person’s identity safeguarded through the use of pseudonymisation techniques aligned with the General Data Protection Law (Lei Geral de Proteção de Dados or LGPD);
  • centralised reporting: the Fala.BR platform, managed by the Comptroller General of the Union (Controladoria-Geral da União or CGU), serves as the official channel for reporting complaints; and
  • scope: the rules apply to federal agencies and state-owned enterprises, including those involved in public healthcare procurement and regulation.

The healthcare sector: real-world compliance challenges in Brazil

While no whistleblower-triggered cases pursuant to Decree 10,153/2019 have been publicly disclosed, Brazil’s healthcare sector has been involved in significant corruption investigations that underscore the need for robust compliance systems. Below are some examples of investigations involving the healthcare sector in Brazil:

  • operation ‘Falso Negativo’ (2020): investigated overpriced public procurement of Covid-19 tests by regional health departments, revealing the occurrence of fraudulent bidding and collusion;
  • medical devices cartel investigations: international companies, including some very famous names, were implicated in cartel practices involving medical device sales to public hospitals;
  • United States Foreign Corrupt Practices Act (FCPA) investigations into equipment sales: some Brazilian subsidiaries were investigated for their possible participation in bribery schemes involving medical equipment sales to Brazil’s public health system; and
  • CGU enforcement trends: in 2024, the CGU initiated 257 administrative proceedings, many involving suspected fraud during healthcare-related bidding and contracts, and began using artificial intelligence (AI) tools to detect irregularities.

Cultural and legal barriers

Despite the legal infrastructure, whistleblowing remains underutilised in Brazil due to:

  • social stigma: whistleblowers are often viewed with suspicion, which discourages reporting even when anonymity is guaranteed;
  • legal gaps: Brazil lacks a comprehensive national whistleblower law covering both the public and private sector, which means that the relevant protections are fragmented and unclear; and
  • institutional constraints: agencies like CGU face resource limitations, and legal disputes have exposed tensions between transparency and due process.

Global Comparisons: US and European models

The US:

  • the US False Claims Act (FCA): enables whistleblowers to file qui tam lawsuits and receive a share of the recovered funds;
  • the US Department of Justice (DOJ) Whistleblower Program: the programme has been expanded to include fraud involving public healthcare programmes and private entities; and
  • transparency: many cases are publicly disclosed, reinforcing deterrence and accountability.

The EU:

  • Directive (EU) 2019/1937, known as the Whistleblower Protection Directive: sets a high standard for whistleblower protection;
  • mandatory reporting channels: for companies with more than 50 employees;
  • broad scope: covers public procurement, product safety and healthcare; and
  • anti-retaliation measures: strong legal safeguards for whistleblowers.

Conclusion

For life sciences and healthcare companies operating in Brazil, Decree 10,153/2019 represents a foundational, but still underutilised, tool in the compliance ecosystem. While the legal framework exists, the absence of publicly known whistleblower cases and persistent cultural and institutional barriers suggest that whistleblower protections remain more theoretical than operational.

In this context, companies must go beyond mere legal awareness. A robust compliance programme, one that includes internal reporting channels, clear anti-retaliation policies and regular training, is essential to foster a culture of integrity and accountability. These systems not only help detect and prevent misconduct, but also demonstrate a company’s commitment to ethical practices, which is increasingly valued by regulators, investors and the public.

Moreover, given the complexity of Brazil’s regulatory landscape and the evolving nature of whistleblower protections, companies should consider engaging specialised legal counsel to assess the risks, design effective compliance structures and respond appropriately to internal reports. Legal expertise can be particularly valuable in navigating interactions with public entities, such as the regulatory agencies (eg, the National Health Regulatory Agency (Agência Nacional de Vigilância Sanitária or ANVISA), the National Regulatory Agency for Private Health Insurance and Plans (Agência Nacional de Saúde Suplementar or ANS) or Drug Market Regulation Chamber (Câmara de Regulação do Mercado de Medicamentos or CMED), and with the Ministry of Health, where procurement, pricing, reimbursement and other activities are subject to intense scrutiny.

As global standards continue to evolve, and enforcement becomes more data-driven and collaborative, companies that invest in proactive compliance and legal preparedness will be better positioned to mitigate risks and uphold their reputational and operational integrity.

International Bar Association 2025 © Privacy policy Terms & conditions Cookie Settings Harassment policy

International Bar Association is incorporated as a Not-for-Profit Corporation under the laws of the State of New York in the United States of America and is registered with the Department of State of the State of New York with registration number 071114000655 - and the liability of its members is limited. Its registered address in New York is c/o Capitol Services Inc, 1218 Central Avenue, Suite 100, Albany, New York 12205.

The London office of International Bar Association is registered in England and Wales as a branch with registration number FC028342.