Mergers and acquisitions (M&A) constantly occur in the healthcare industry. Organizations have varying levels of compliance involvement in the “due diligence” phase. During due diligence, a flurry of information is being shared by both organizations that are party to the transaction. Both organizations owe it to themselves to make sure the deal and the acquisition makes sense and accomplish the intended purpose of the transaction. Part of the due diligence process includes examining financial documents, contracts, employee data related to benefits and wages, and much more.
Once the transaction is done and the signatures have been inked, the work is far from over. When a health system purchases a physician group, a hospital, a skilled nursing facility, or another healthcare-related company to add to its portfolio, many compliance-related tasks are hopefully done as part of the pre-acquisition due diligence. One item that can only happen post-transaction is implementing the compliance program. Even if—prior to the acquisition—both entities had a robust compliance program, it is after the contracts are signed that the work starts on all the needed changes to have “one” compliance program.
Due diligence
The goal of due diligence is simple: for the organization to know what it is getting into and find skeletons in the closet. One doesn’t marry someone without dating them first (usually). Due diligence is the engagement period, if you will, where each party tries to make sure the M&A transaction will be a good fit. One company has already asked the other company to marry them; the other has conditionally said yes.
What information would you like to know about the person you will potentially marry? Flip that around, and what information would you want to know about the company you wish to acquire? What are the dealbreakers for the relationship? Compliance issues can be—and often are—the deal-breakers of M&A transactions. If one company was concealing fraud, for example, and during due diligence, the other found it out, they may not want that kind of liability on their hands and call the deal off. Who would want that liability? It is like finding out your fiancé is a serial cheater, or a tax evader, etc. The acquisitions need to be a good fit, or it could get ugly. The organizations need to be aligned on values, goals, and much more.
Assuming compliance sits at the table during due diligence, compliance essentially needs to conduct a risk assessment and audits. One could write numerous articles on how to perform a risk assessment during due diligence. Often, there is a session at the HCCA Annual Compliance Institute on due diligence, and I’ve found it well worth the time to attend those sessions. If compliance doesn’t have a seat at the table, find a way to get a seat that doesn’t make compliance look desperate or lose credibility in the process. If you have a seat at the due diligence table, don’t ever give up the seat because you won’t get it back very easily. It may be as simple as asking for a seat or difficult as encountering an “Oops, compliance should have been involved” moment to earn the seat.
Having worked for organizations where compliance did not have a seat at the table during M&A transactions, there is no secret formula I can share to ensure getting one. Each company is different, and each puts compliance on varying levels of importance in the process. I recommend finding out what downside risks the powers that be respond to and utilizing that in efforts to get a seat. Is there a way to quantify the downside risk without knowing the risks identified in the due diligence process? Perhaps alerting the powers that be—without doing a risk assessment and various audits—it is unknown what compliance risks the organization stands to inherit. At a minimum, ask to sit at the due diligence table; what is the worst that can happen? They say “No”? Maybe the powers that be will provide insight into what is needed to get a seat.
Risk assess the compliance program
There are numerous areas to address from a compliance perspective with due diligence. There will not be enough time to get to every area. Prioritizing high-risk, high-dollar areas is always important, but one area that must be assessed is the compliance program itself! Many often focus on auditing billing and other areas, which is vital, but creating a game plan for integrating the compliance program post-acquisition is also essential. While this article could focus on the various audits to conduct, it will focus on integrating the compliance program.
Once the contracts are signed and two companies are now one, the work really begins. If the compliance program isn’t assessed with due diligence, it could be chaos on day one!
Some critical questions/items to answer during due diligence regarding the state of the compliance program:
-
Is there a compliance committee? If so, what is the committee’s composition, and how often do they meet? (It would be helpful to obtain meeting minutes and associated materials to review.)
-
What is staffing like in the compliance department? What are the roles/functions of every team member? Do team members perform duties outside the “realm of compliance” (i.e., risk management, quality, coding/billing)?
-
What types of audits are conducted as part of the program? Obtain a list of audits conducted for the past several years, including any corrective action plans associated with the audits.
-
Obtain a list of all investigations, outcomes, and any repayments. This includes any third-party or governmental issues.
-
Acquire the code of conduct and a listing of all attestations.
-
Get copies of all compliance and privacy policies and procedures. Identify the approval and dissemination process. Identify if there is a mechanism to record attestations to the code of conduct and other key policies.
-
What software (either in-house or third-party) programs are used as part of the compliance program? Obtain copies of contracts and business associate agreements related to any compliance-related software. Same for any outside consultants.
-
Any other documents or information the organization may deem relevant to integrating a compliance program.
If the above list can be completed and all relevant documents are obtained, it will be the start of a great baseline to assess how the compliance program is operating and provide valuable information on how to start to integrate the program.
Some items may send you down a rabbit hole when conducting the assessment. It is okay to go a little bit down that hole—and maybe sometimes all the way—but be cognizant of how many other areas still need assessing in the time before the deal is finalized and, most importantly, what is the risk of the issue that sent you down that hole? Is it a possible deal-breaker? Or is it something that will just need to be addressed post-acquisition? Make sure to discuss the issues with others so that not everything is a “Chicken Little” situation where the sky is always falling. Not everything can be a deal-breaker. This may seem obvious, but it needs to be stated that those potentially true deal-breaker issues need thorough vetting. It is easy to be in the weeds and not notice how something may affect the bigger picture; hence, discussing matters with someone else who is not in the weeds may help put issues in the proper perspective.
Post-transaction integration activity
The two companies got “married,” and plans are now being made to fully integrate. Will the couple have a joint bank account or maintain separate accounts? Will there be joint ownership of property and assets?
The two organizations are still operating as two separate and distinct entities with a goal of integration in all business aspects. Expect two things: (1) the unexpected, and (2) bumps in the road. Unless the due diligence period was five years or some ridiculously long amount of time, there will be something that was either overlooked, not vetted enough, or some other reason why an aspect of integration doesn’t go smoothly.
Plan
Ideally, during the due diligence stage, it is wise to start creating an implementation plan for the compliance program. Just like when an engaged couple begins to plan for after the wedding, companies need to do the same.
If anyone on the team has project management skills, this is the time to put them to good use. If not, ask for help in creating a project plan. After reviewing all the documents that have been obtained and evaluating the state of the new entity’s compliance program, how the other entity aligns with the acquiring entity’s compliance program should start to take shape. Perhaps some areas are strong and even somewhat mimic each other, then there will be areas where they do not align; possibly significant changes will have to be made. Maybe it is transitioning or implementing software where there wasn’t before.
Creating appropriate timelines for implementation is necessary. For example, is it reasonable to have the new entity using all brand-new policies within the first 30 days post-transaction? Not likely, unless it is a small transaction such as a small physician practice. How does the compliance program implementation initiatives line up with the overall company integration? Will the overall organization integration take one year, three years, or longer? The compliance program should be able to be implemented prior to the overarching company integration—or at a minimum, in lockstep.
Communicate
As plans have been made, at some point, change must occur. Changes will be necessary, from policies and procedures to data flow, the compliance hotline, and how investigations are conducted. To make the compliance program implementation as successful as possible, communicate changes before they occur!
Meet with senior leaders, email affected individuals, and broadcast the changes in any way that gets the message to those who need to be aware! Most individuals won’t get too upset about the change but may get upset about not being told about it. Whichever mechanisms the organization utilizes to broadcast changes, use it as much as possible. Even with ensuring the message gets out in numerous ways, someone will always say they “never got the memo.”
Execute
Plans have been made regarding what needs to change in the compliance program, and communications have been made. Now, it is time to execute those plans. Depending on the process, different individuals will be involved; some plans may go off without a hitch, and others will not. Again, expect there to be bumps along the way. Roll with the punches. The best compliance officers are nimble and can quickly adjust to changes.
Evaluate
At some time after new processes have been put in place, evaluate if the new process is working as intended. Make changes as needed to ensure efficient operations. Again, any needed changes will also need to be communicated where appropriate.
The evaluation of a process can be simple and straightforward. A more complex process needs a more in-depth evaluation and review. For example, there are numerous ways to evaluate and potentially improve upon a process, such as using any of the following: lean methodologies, Six Sigma, Plan-Do-Study-Act, and more.
As compliance officers, if you’ve been doing risk assessments and investigations, the above-mentioned improvement methods should not be a stretch to get the basic concepts down. If you are unfamiliar with any formal process improvement methods, with a little research, it will be plain to see that you’ve likely been doing some version of the process improvement model without even knowing it. Regardless of the methodology being used, appropriate evaluation of the newly implemented processes is key to the success of the individual process and overall compliance program implementation.
Repeat the process of planning, communicating, executing, and evaluating steps as needed.
Changing gears to address possible areas that may not get the traction they deserve in a post-transaction world. While the following may not be “compliance” issues per se, if compliance can be cognizant and aware of the issues, perhaps the compliance professionals can be proactive for their own part.
Acronyms and cultural language, aka, corporate speak
I would bet that everyone has been in a meeting or had a conversation at some point in their lives where the dialogue may have been in their native language, but they still had no idea what was being said due to the “lingo” and terminology being used. Every company has its own unique style of corporate lingo, which generally includes countless abbreviations. New employees—as would be expected—often ask, “What does this mean?” or “What does this stand for?” We’ll call this phenomenon “corporate speak.” Compliance has a unique corporate speak: AKS, FCA, Stark, HIPAA, CMP, DOJ, OIG. Do we use those terms and acronyms around noncompliance folks? Do they just nod, smile, and pretend they understand?
When two companies come together, each company has its own unique dialogue that the staff at each respective organization has learned and understands. However, what often occurs is that when the two companies start to assimilate, there are often numerous conversations after various meetings where someone pipes up and asks something to the effect, “What did they mean by this?” Maybe they were too embarrassed or clueless to know what they didn’t know, but even yours truly has been the guy asking those questions after a meeting to better understand what just transpired.
It would behoove every organization to create a corporate-speak cheat sheet that includes all their common and known abbreviations and uses of various terms likely unique to the organization. Maybe your organization already has one, but does everyone know it exists? Has it been disseminated to the employees of the acquired company? Is it handed out or mentioned to new employees during orientation? Even common, everyday words sometimes have different meanings in different companies—especially when two companies are coming together; there will be miscommunications because of corporate speak.
For example, several years ago, there was a merger between two health systems. The larger company used the term “internal audit” to reference any audit conducted by the compliance program, as the audit was conducted “internally” by the company. Whereas the smaller company used the term “internal audit” more traditionally than the “internal audit department,” where qualified internal auditors—not compliance—would conduct an audit. It created confusion and caused the larger company to start to change its corporate speak to accommodate the smaller company; the larger company realized it was not using the term as it should. They then started referring to audits conducted by the compliance program as “compliance audits”; however, the change in corporate speak didn’t happen without some confusion on both sides and took time for everyone at the larger company to acclimate too. Typically, the larger company forces the use of its terminology on the newly acquired entity, but not the way this example played out.
Cultural differences
Mix two companies—each with its own culture and makeup of employees—and it can get confusing quickly for a lot of individuals at many levels of the organization(s) if there isn’t a “speak-up culture” or corporate-speak cheat sheet or both. Consider the fact that companies are made up of people from all walks of life and often employ many individuals from other countries, which means an influence of different cultures within a culture. What sometimes happens when you have many microcultures within the larger company culture is there may be some culture differences or a misunderstanding of culture, and maybe even clashes with the various cultures. It may not always be a difference in “culture” issue, maybe an individual personality issue, or misunderstanding because there wasn’t a corporate-speak cheat sheet!
Do we use vocabulary words that even native English speakers have a hard time understanding, let alone those where English is their second language? Having a reference sheet—at least for compliance and privacy— is well warranted in these situations alone, if not the whole company.
Signage and branding
Some may be wondering, how is signage a compliance concern? Why does it matter in a post-M&A organization? First, by signage, I mean a sign outside the building. The signs on the walls inside indicate the name of the company and the name and logo on letterhead that gets sent out to patients.
There is a compliance requirement, referred to as “provider-based billing” or “provider-based departments” (PBD), that specifically mentions how a company holds itself out to the public. This rule only applies to hospitals and their associated outpatient departments; however, even if your company isn’t a hospital, it is certainly food for thought from a marketing and branding perspective.
The provider-based rule states:
Public awareness. The facility or organization seeking status as a department of a provider, a remote location of a hospital, or a satellite facility is held out to the public and other payers as part of the main provider. When patients enter the provider-based facility or organization, they are aware that they are entering the main provider and are billed accordingly.[1]
First, this is one small paragraph out of many requirements. In essence, if you are a patient and in a PBD, walking around the building, do you feel like you are in the “hospital” or that it is an extension of the hospital? This rule allows hospitals with a PBD to bill Medicare for hospital rates, including the technical component for outpatient services performed at the PBD. A common example of this is outpatient radiology. Hospitals often have off-site outpatient facilities—perhaps on the other side of town—to better accommodate close access for patients. If the off-site radiology facility is a PBD, it needs to have signage that conspicuously indicates it is a part of the hospital—even if it is miles away.
If a hospital with PBDs is part of an M&A transaction, it needs to take measures to ensure its PBD sites are appropriately named and held out to the public as part of the hospital, and as signage changes post-transaction, so does the signage at the PBD. Another question to ask as part of post-M&A activities—if it wasn’t asked in the due diligence phase—is, “Is the hospital aware if it has PBD locations?” That can be a fun surprise later if it wasn’t asked up front!
For those whose companies do not have a hospital—and even those that do—the message on signage and branding is simple: keep branding consistent with the way you have been representing your company to the public. Have you ever seen an old 1980s repurposed McDonald’s restaurant? You can spot it a mile away, as the building itself was part of the brand. As you drive by, please notice how effective the branding was if—after all these years—you recognize it as a McDonald’s restaurant even though the sign is long gone. If you can’t recognize that you are in the “hospital” by the signs on the doors, walls, and building, then you have failed at branding your PBD.
In short, identify the PBDs and make sure the branding matches the hospital and has the hospital name posted. If the soap dispensers in the restrooms have the old company logo on them, make sure they get changed after the M&A transaction, too!
Conclusion
There are countless items that must be considered post-transaction from a compliance perspective. Presented here are just a few topics that may play a significant role in creating a transition that is successful as possible after an M&A transaction. The sooner issues can be identified, the sooner individuals can be brought up to speed and familiarized with how both parties to the transaction operate, the better off everyone will be. Lastly, one common and very crucial theme throughout a successful transition will be communicating changes to all affected in advance of the change—not after.
Takeaways
-
Due diligence is important in mergers and acquisitions transactions, but the bulk of the work starts post-transaction.
-
Effective communication around process change is crucial at all phases of a transaction.
-
Use the due diligence process to gather information regarding the compliance program.
-
Organizations should take measures to educate staff on “corporate speak.”
-
Effective branding can only make the business stronger. Keep it consistent in the acquired entity.