The importance of healthcare due diligence in healthcare transactions

Randi E. Seigel

Randi E. Seigel

Randi E. Seigel (rseigel@manatt.com, linkedin.com/in/randi-seigel-b1676a5/) is a Partner in the New York City office of Manatt, Phelps & Phillips LLP.

Michael J. Herrmann

Michael J. Herrmann

Michael J. Herrmann (mherrmann@manatt.com, linkedin.com/in/michael-herrmann-11788a103/) is an Associate in the Chicago, IL, office of Manatt, Phelps & Phillips LLP.
9 minute read

by Randi E. Seigel and Michael J. Herrmann

Due diligence is a vital step in all types of mergers, acquisitions, and other transactions, including making large investments in a company (collectively referred to in this article as “transactions”). While due diligence is done in various areas (e.g., financial, tax, operations) in most transactions, healthcare transactions require special attention to healthcare regulatory compliance due diligence—which often is where the greatest risks to the buyer may be. Ultimately, buyers and/or merging parties use their healthcare regulatory compliance due diligence to assess risks, inform the purchase price and any reserves, determine the closing conditions, negotiate definitive agreements, and prepare for the integration of the parties post-closing.

Importance of due diligence

Asset purchase versus stock purchase

While due diligence is important for all transaction types, certain transactions make due diligence more significant than others. Accordingly, it is essential to understand the transaction structure—whether it is an asset purchase transaction, merger, or stock purchase transaction—to determine the materiality and impact of any noncompliance identified during due diligence. For example, there is a stark difference in the assumption of liabilities between asset purchase transactions and stock purchase transactions.

  • Asset purchase. The buyer obtains certain assets and liabilities but does not acquire the “legal entity” of the seller (i.e., does not “step into the shoes” of the seller). This allows the buyer to avoid incurring certain liabilities associated with the seller, such as noncompliance with state healthcare licensure requirements and generally protects the buyer. We note that even in an asset purchase transaction, most buyers assume Medicare and/or Medicaid provider agreements and do become responsible for any overpayments owed to the Medicare and/or Medicaid programs by the seller (although the buyer can seek reimbursement or use other terms in the purchase documents to be made financially whole for historical noncompliance).

  • Stock purchase. The buyer purchases the seller’s stock and thus “steps into the seller’s shoes,” meaning the buyer is now responsible for all the seller’s known and unknown liabilities.

General purpose of due diligence

Due diligence is vital for the following reasons in almost all transactions.

  • Transaction structure. Understanding the seller’s potential historical and future liabilities may inform the transaction structure; a buyer may decide after due diligence to change from a stock to an asset purchase or even some other kind of transaction structure (e.g., merger, joint venture, services agreement).

  • Mitigation of exposure. In addition, due diligence allows the buyer to perform an overall assessment of the seller’s key compliance areas, enabling the buyer to plan mitigation activities upon completion of the transaction, regardless of transaction type. For example, if the seller identifies through due diligence certain arrangements likely to implicate the Anti-Kickback Statute (AKS)[1] and that are unlikely to meet an AKS safe harbor, the buyer may require mitigation measures to be taken prior to or after closing.

  • Definitive agreement preparation and purchase price determinations. In relation to mitigation of exposure, due diligence provides the buyer a basis for certain negotiation points when negotiating the transaction’s definitive agreements and purchase price (as discussed later in this article). Due diligence may also inform what conditions to closing are set forth in the agreements, such as obtaining necessary healthcare regulatory approvals or submitting a Stark Law disclosure. It also may inform provisions regarding how the seller’s business must continue operating between sign and close, e.g., not surrendering or terminating a license or continuing key payer agreements.

  • Integration of the parties. Lastly, understanding the seller’s compliance posture and licensure structure is critical for developing an integration plan to ensure compliance post-closing. For example, if HIPAA risks were identified, the buyer may want to immediately transition the seller to be subject to the buyer’s HIPAA policies and procedures and provide a training program and IT security infrastructure.

Due diligence requests and review

Due diligence may occur in a variety of ways depending on the transaction structure. Usually, the buyer will submit a “due diligence request list,” pursuant to which the buyer will request certain information from the seller to better assess the seller’s healthcare regulatory compliance. Typically, the buyer’s legal counsel drafts the due diligence request list.

In response to the due diligence request list inquiries, the seller will produce certain documentation (e.g., policies, agreements) or draft narratives for the buyer’s review. It is crucial that the seller provide complete and true responses when responding to due diligence requests to ensure the buyer has a complete understanding of the seller and avoid post-closing litigation for failure to disclose any requested information.

After the seller provides initial diligence responses and the buyer has had the opportunity to review such responses, it is common for the parties to schedule a due diligence interview, according to which the buyer and its lawyers will interview key personnel, such as a chief compliance officer (CCO), from the seller.

Due diligence interview questions most often include (i) follow-up questions to previously provided diligence responses, (ii) questions from the due diligence request list not yet responded to, and (iii) questions better answered with discussion than document or narrative production.

While requests will differ depending on the entity being reviewed (e.g., health system vs. health insurer vs. health tech) and the transaction type, standard healthcare regulatory due diligence request lists typically include requests related to the review of the following areas of a seller:

Compliance program

The buyer should request and review the seller’s compliance program to assess whether it includes the key elements of an effective compliance program, as set forth by the U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG).[2]

  1. Policies and procedures. The buyer should see if the seller has established and implemented written policies and procedures, including a code of conduct for employees and vendors.

  2. CCO and compliance committee. The seller should have a CCO and a board-level compliance committee in place.

  3. Training and education. The seller should have certain compliance training and education materials for employees and other individuals involved with the seller (e.g., new hire training, annual training, and general education materials).

  4. Lines of communication. The seller should maintain a compliance hotline that provides anonymous reporting options for employees and/or other individuals. In addition, the seller should have policies prohibiting retaliation for good faith reporting and maintain an “open door” policy that encourages communication, feedback, and discussion.

  5. Auditing and monitoring. The seller should maintain certain auditing procedures, such as an annual auditing plan and targeted internal audits, to allow for the monitoring of key compliance areas.

  6. Responding to compliance issues and disciplinary standards. The seller should have a procedure that effectively responds to issues reported or discovered during an investigation. Furthermore, disciplinary standards should be applied uniformly across the seller’s operations and well-publicized to the seller’s employees.

HIPAA

The buyer should request, review, and assess the seller’s HIPAA policies and procedures to ensure they are mature and meet all applicable requirements. The buyer will also want to request information that allows the buyer to understand whether the seller has reported any breaches or incidents, particularly those involving more than 500 individuals (triggering HHS’s Breach Notification Rule). Lastly, the buyer should request and review the seller’s breach and security impact assessment policies and procedures to ensure proper protection of protected health information (PHI) and prevent unauthorized access to PHI.

Fraud, waste, and abuse

The buyer will want to request information to better understand whether the seller has made any self-disclosures or the seller has been subject to or received notice of any investigations related to compliance with laws related to kickbacks, self-referrals, and fee-splitting (e.g., Stark Law, AKS, the False Claims Act, or the Centers for Medicare & Medicaid Services’s (CMS) conditions of billing noncompliance). In addition, the buyer will want to review and assess provider and vendor arrangements, such as, but not limited to, employment agreements, independent contractor arrangements, professional services agreements, and joint venture arrangements, for potential fraud, waste, and abuse implications.

Investigations/audits/settlements

The buyer should ensure it is aware of any past, pending, or threatened investigations or audits by federal entities (e.g., CMS, the U.S. Department of Justice, or OIG) or state or local agencies (e.g., Medicaid Fraud Control units or state Medicaid agencies). To better understand any related matters, the buyer should request all correspondence and documentation related to any such matter that may apply to the seller.

In addition, the buyer should request copies of any settlement agreements, court orders, and corporate integrity agreements entered into by the seller.

Healthcare state licensure changes of ownership and material transaction notice

The buyer should request and review the seller’s licenses, certifications, permits, etc., to assess general compliance with licensure requirements, as well as review for any implicated change of ownership requirements associated with such licenses, certifications, permits, etc. Relatedly, more and more states are implementing “material transaction” filing requirements (e.g., California,[3] New York,[4] Illinois,[5] Oregon[6] ), which expect the transacting parties to make certain filings prior to completing a transaction.

Licensure change of ownership filings and material transaction filings typically have requirements as to how far in advance of closing such filings must be made. Accordingly, the buyer and seller should ensure that any required filings are satisfied in time for the anticipated closing of the contemplated transaction.

Other key areas of review

  • Licensure surveys or audits

  • Payer and provider agreements

  • Independent contractor agreements

  • Marketing activities or arrangements

Protection against compliance issues and liabilities

Definitive agreement

In order to protect itself against potential liabilities related to any uncovered compliance issues during due diligence, the buyer can negotiate certain key terms to be included in the transaction’s definitive agreements, propose a holdback or escrow to cover the cost of any potential overpayment, or even negotiate an adjustment to the purchase price of the overall transaction.

Certain key terms to negotiate for the protection of the buyer include:

  • Representations and warranties. The buyer can negotiate certain assurances to be included in representations and warranties to protect the buyer from certain liabilities. For example, the buyer can negotiate for a representation and warranty that says the seller is not subject to any pending or threatened investigation and requires any exceptions to the representation and warranty to be scheduled. Any untrue representations and warranties can result in a breach of such agreement. Often, a buyer learns of certain audits or investigations when receiving the first round of disclosure schedules.

  • Closing conditions. Upon discovering a particular compliance issue, the buyer can require such issue to be resolved prior to the closing of the transaction.

  • Protection against liabilities. In an asset purchase transaction, the buyer can include a provision that the seller shall be liable for all liabilities resulting from the seller’s pre-closing actions or inaction. These protections are not usually available in a stock sale. In addition, the buyer can purchase representation and warranty insurance, which protects the buyer by compensating the buyer for the seller’s breaches of its representations and warranties. Due diligence is important for obtaining such representation and warranty insurance.

Pre-closing measures

In addition, upon discovering specific compliance issues, the parties can agree on certain pre-closing measures to mitigate further exposure. For example, if the buyer learns of a potential Stark Law violation based on their review of the materials provided in due diligence, the parties can agree that the seller will make a Stark Law self-referral disclosure before closing.

Post-closing measures

Furthermore, post-closing—to ensure the acquired entity is compliant in all relevant areas—the buyer can incorporate certain integration measures, such as implementing certain policies and procedures, having employees participate in specific training or education sessions, or transitioning over certain agreements of the seller to the buyer’s standard agreement form. In addition, the buyer can continue to review particular areas of concern to ensure compliance is met or mitigation efforts are applied.

Terminate transaction

If all else fails, and the parties cannot agree on specific terms to the definitive agreements that provide the buyer with certain protections or if the seller does not agree to certain pre- or post-closing measures to be taken to mitigate potential compliance risks, the buyer can decide not to move forward with the prospective transaction.

Takeaways

  • Healthcare regulatory compliance due diligence is critical to informing material deal terms of transactions.

  • The type of transaction structure (e.g., asset purchase vs. stock purchase) informs the scope of diligence and how material liability may be to the buyer.

  • Key areas of due diligence review include the seller’s compliance program, HIPAA, fraud, waste and abuse, government audits, investigations, litigation, healthcare licensures, and key healthcare-related contracts.

  • Due diligence can inform the closing timeline that may be driven by a change of ownership or similar filings.

  • Due diligence is essential for post-closing integration of the buyer and the seller.

 
1 The Anti-Kickback Statute (AKS) makes it a criminal offense to knowingly and willfully offer, pay, solicit, or receive any remuneration to induce or reward referrals of items or services reimbursable by a federal healthcare program. The AKS is violated when remuneration is paid purposely to induce or reward referrals of items or services payable by a federal healthcare program. Remuneration includes the transfer of anything of value, directly or indirectly, overtly, or covertly, in cash or in kind. The AKS has been interpreted to cover any arrangement where one purpose of the remuneration was to obtain money for the referral of services or to induce further referrals. United States v. Kats, 871 F.2d 105 (9th Cir. 1989); United States v. Greber, 760 F.2d 68 (3d Cir.), cert. denied, 474 U.S. 988 (1985).
2 U.S. Department of Health and Human Services, Office of Inspector General, General Compliance Program Guidance, November 2023, https://oig.hhs.gov/documents/compliance-guidance/1135/HHS-OIG-GCPG-2023.pdf.
4 NY Pub. Health L. § 4550, et seq, https://www.nysenate.gov/legislation/laws/PBH/4550.
6 Or. Rev. Stat. § 415.500, et seq, https://oregon.public.law/statutes/ors_415.500.
This publication is only available to members. To view all documents, please log in or become a member.
Become a Member Login

What to read next...

How compliance officers can help protect doctors

About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook Twitter LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings