Mergers and acquisitions (M&A) constantly occur in the healthcare industry. Organizations have varying levels of compliance involvement in the “due diligence” phase. During due diligence, a flurry of information is being shared by both organizations that are party to the transaction. Both organizations owe it to themselves to make sure the deal and the acquisition makes sense and accomplish the intended purpose of the transaction. Part of the due diligence process includes examining financial documents, contracts, employee data related to benefits and wages, and much more.
Once the transaction is done and the signatures have been inked, the work is far from over. When a health system purchases a physician group, a hospital, a skilled nursing facility, or another healthcare-related company to add to its portfolio, many compliance-related tasks are hopefully done as part of the pre-acquisition due diligence. One item that can only happen post-transaction is implementing the compliance program. Even if—prior to the acquisition—both entities had a robust compliance program, it is after the contracts are signed that the work starts on all the needed changes to have “one” compliance program.
Due diligence
The goal of due diligence is simple: for the organization to know what it is getting into and find skeletons in the closet. One doesn’t marry someone without dating them first (usually). Due diligence is the engagement period, if you will, where each party tries to make sure the M&A transaction will be a good fit. One company has already asked the other company to marry them; the other has conditionally said yes.
What information would you like to know about the person you will potentially marry? Flip that around, and what information would you want to know about the company you wish to acquire? What are the dealbreakers for the relationship? Compliance issues can be—and often are—the deal-breakers of M&A transactions. If one company was concealing fraud, for example, and during due diligence, the other found it out, they may not want that kind of liability on their hands and call the deal off. Who would want that liability? It is like finding out your fiancé is a serial cheater, or a tax evader, etc. The acquisitions need to be a good fit, or it could get ugly. The organizations need to be aligned on values, goals, and much more.
Assuming compliance sits at the table during due diligence, compliance essentially needs to conduct a risk assessment and audits. One could write numerous articles on how to perform a risk assessment during due diligence. Often, there is a session at the HCCA Annual Compliance Institute on due diligence, and I’ve found it well worth the time to attend those sessions. If compliance doesn’t have a seat at the table, find a way to get a seat that doesn’t make compliance look desperate or lose credibility in the process. If you have a seat at the due diligence table, don’t ever give up the seat because you won’t get it back very easily. It may be as simple as asking for a seat or difficult as encountering an “Oops, compliance should have been involved” moment to earn the seat.
Having worked for organizations where compliance did not have a seat at the table during M&A transactions, there is no secret formula I can share to ensure getting one. Each company is different, and each puts compliance on varying levels of importance in the process. I recommend finding out what downside risks the powers that be respond to and utilizing that in efforts to get a seat. Is there a way to quantify the downside risk without knowing the risks identified in the due diligence process? Perhaps alerting the powers that be—without doing a risk assessment and various audits—it is unknown what compliance risks the organization stands to inherit. At a minimum, ask to sit at the due diligence table; what is the worst that can happen? They say “No”? Maybe the powers that be will provide insight into what is needed to get a seat.
Risk assess the compliance program
There are numerous areas to address from a compliance perspective with due diligence. There will not be enough time to get to every area. Prioritizing high-risk, high-dollar areas is always important, but one area that must be assessed is the compliance program itself! Many often focus on auditing billing and other areas, which is vital, but creating a game plan for integrating the compliance program post-acquisition is also essential. While this article could focus on the various audits to conduct, it will focus on integrating the compliance program.
Once the contracts are signed and two companies are now one, the work really begins. If the compliance program isn’t assessed with due diligence, it could be chaos on day one!
Some critical questions/items to answer during due diligence regarding the state of the compliance program:
-
Is there a compliance committee? If so, what is the committee’s composition, and how often do they meet? (It would be helpful to obtain meeting minutes and associated materials to review.)
-
What is staffing like in the compliance department? What are the roles/functions of every team member? Do team members perform duties outside the “realm of compliance” (i.e., risk management, quality, coding/billing)?
-
What types of audits are conducted as part of the program? Obtain a list of audits conducted for the past several years, including any corrective action plans associated with the audits.
-
Obtain a list of all investigations, outcomes, and any repayments. This includes any third-party or governmental issues.
-
Acquire the code of conduct and a listing of all attestations.
-
Get copies of all compliance and privacy policies and procedures. Identify the approval and dissemination process. Identify if there is a mechanism to record attestations to the code of conduct and other key policies.
-
What software (either in-house or third-party) programs are used as part of the compliance program? Obtain copies of contracts and business associate agreements related to any compliance-related software. Same for any outside consultants.
-
Any other documents or information the organization may deem relevant to integrating a compliance program.
If the above list can be completed and all relevant documents are obtained, it will be the start of a great baseline to assess how the compliance program is operating and provide valuable information on how to start to integrate the program.
Some items may send you down a rabbit hole when conducting the assessment. It is okay to go a little bit down that hole—and maybe sometimes all the way—but be cognizant of how many other areas still need assessing in the time before the deal is finalized and, most importantly, what is the risk of the issue that sent you down that hole? Is it a possible deal-breaker? Or is it something that will just need to be addressed post-acquisition? Make sure to discuss the issues with others so that not everything is a “Chicken Little” situation where the sky is always falling. Not everything can be a deal-breaker. This may seem obvious, but it needs to be stated that those potentially true deal-breaker issues need thorough vetting. It is easy to be in the weeds and not notice how something may affect the bigger picture; hence, discussing matters with someone else who is not in the weeds may help put issues in the proper perspective.
