Saud Juman (sjuman@policymedical.com) is CEO at PolicyMedical in Ontario, Canada. Shawn DeGroot (shawn@compliancevitals.com) is President at Compliance Vitals in Sioux Falls, SD.
Today’s medical business landscape is driving hospitals, systems, and smaller physician groups to partner with other organizations to gain a competitive edge and/or improve efficiency. Almost all these entities will, at some time, consider the possibility of consolidation. Mergers and acquisitions (M&A) in particular are viewed as opportunities to manage cost pressures, improve market position, increase capital access, and bolster infrastructure.
For these partnerships to succeed, however, both the acquirers and acquirees must complete a full, top-to-bottom self-assessment, taking into consideration many aspects of their current operations. One area that is too often overlooked is the process of compliance due diligence. Risk exists without performing compliance due diligence during an M&A, and indeed when entering into any organizational partnership. Furthermore, when companies do not address such matters efficiently, the consequences can be severe, ranging from reduced valuations, legal suits, and government fines. Most important is reputation capital or the erosion of consumer confidence and trust.
Minor infractions, major complications
Minor infractions uncovered during due diligence may include a pending billing issue already under review by the Centers for Medicare & Medicaid Services (CMS), Medicare Administrative Contractors (MACs), or the Office of the Inspector General (OIG). Another infraction might be a privacy breach that the organization hasn’t yet discovered, or one that has been reported to the Office for Civil Rights (OCR) and not yet reported to the entity. Usually such problems can be addressed as they arise; however, an accumulation of issues, or the emergence of more extensive problems, can impact valuation and lead to greater difficulties regarding accountability and liability.
For instance, if the appropriate coding and billing documentation review isn’t performed and a system’s value is overstated due to upcoding, lack of documentation, or an inappropriate hard code in the charge master, overpayments and associated regulatory consequences may be the outcome. More importantly, when the term agreements are based on flawed earnings numbers, the value of the acquisition may be overstated. In all of these scenarios, the question becomes, “Who owns the liability and who is going to pay?”
The non-negligible likelihood of the above scenarios makes it critical to include contract language that clarifies the liability or a waiver of liability for any impropriety discovered within 90 days of the contract effective date. Even with such language in place, compliance due diligence cannot provide a 100% guarantee of identifying all areas of risk.
In the due diligence process, the Legal department plays a key role in protecting an organization by examining pending legal matters against an organization, limitations of liability, and associated concerns in contracts. Conversely, Compliance plays a crucial role in identifying risks and/or gaps within a process or compliance program. If an organization is reliant on manual processes, the compliance due diligence task can be quite daunting. Properly identifying risk and liability can be a complicated process and can lead to delays of the M&A; therefore, collaborating with Legal by establishing clear lines of communication to and from Compliance is key to continue forward movement. If an operation is clearly unorganized, mismanaged, and lacks effective compliance program oversight, the speed of completing due diligence may also lead to a delay with the M&A. Both are at risk of real consequences if accurate information isn’t forthcoming or isn’t detected.
One element that often complicates the due diligence process is when one or both sides do not have adequate time and resources to review important elements thoroughly. In the area of compliance, for example, the review process is more time-consuming when a system is not consolidated within their operational structure. If entities within a system operate independently or in siloes, and the programs, processes, contracts, and policies are de-centralized, additional time will need to be allocated for the compliance review. Modern approaches that include automated management systems that are accessible across a health system can dramatically improve the speed and accuracy of these crucial reviews.
