This was originally published in Reuters Legal News (May 16, 2023).
This is the third piece in our series on private equity investment in health care — which explores why conducting due diligence in a health care purchase requires special attention, particularly for private equity firms entering the sector for the first time. The first piece focused on compliance precautions and the second focused on enforcement trends.
This piece details the questions that should be asked to uncover compliance concerns and the red flags that should give a private equity investor in health care pause. If private equity moves too quickly to turn a profit, fundamental regulatory and compliance elements may be overlooked, leading to major headaches down the road.
Why conduct due diligence?
The due diligence process is critical when purchasing a health care entity, especially because acquisitions in this space tend to move quickly — private equity is usually aggressive once it sets its sights on a target. Hidden compliance issues such as nonconformity with health care regulations on fraud and abuse or those related to privacy and security are easy to overlook. However, failure to conduct due diligence, or to assess and negotiate the proper delegation of risk once compliance issues are uncovered, could lead to financially devastating consequences.
Critical considerations when performing due diligence include:
- Understanding the entity’s business model, people, organizational structure, and any pending or consequential governmental investigation.
- Reviewing the entity’s health care compliance program.
- Examining any existing partnerships, arrangements and ancillary relationships.
A thorough understanding of the health care entity and any shortfalls will enable an investor to better negotiate the terms of the purchase agreement and secure necessary representations and warranties before closing the deal.
Evaluate organizational structure
Some view private equity and health care compliance as antithetical: One party seeks to make a profit while the other party puts patient outcomes first. While nothing is as simple as this, private equity does take on new ethical obligations when investing in a health care entity. To uphold, or even improve, the quality of care being provided to patients, private equity must learn all it can about the entity it is purchasing, as well as its providers.
At the onset of the due diligence process there are critical elements to unpack. Here are five critical issues to address:
- Who owns the health care entity? Unclear ownership can be a harbinger for future claims of illegal referrals. For example, a practicing physician who owns an interest in a management company that “owns” the profits of the professional practice might raise a red flag. Legal analysis of the organizational structure prior to and following acquisition is critical to avoid any potential fraud and abuse concerns.
- Any issues related to state corporate practice of medicine restrictions are also important. Only licensed and certified professionals can practice medicine and dentistry. The corporate practice of medicine doctrine aims to protect patients by prohibiting corporate entities from practicing medicine, interfering with medical decision-making, or employing physicians to provide professional medical services in a prohibited manner. The due diligence phase must confirm that the target health care entity is properly owned by the party legally allowed to do so under state law. Also under this doctrine, a private equity firm cannot influence or manage the medical direction of a medical practice, and it may likely require working through a separate management services organization to operate the administrative end of the practice. The goal is to ensure the health care providers put the needs of their patients ahead of the organization and avoid unlawfully commercializing their practice.
- Research is necessary to ensure the organization’s financial relationships fit within the regulatory guidelines of the Stark Law and Anti-Kickback Statute, including all ancillary services provided, service and employment contracts, and ownership matters, with special consideration of fair market value, commercial reasonableness and referral risks. Be wary of the fair market value range, because any practice overvaluation can be interpreted as the result of paying for referrals. A purchaser should strongly consider hiring a third party to conduct a financial evaluation and gauge the soundness of the business arrangement. Understanding what referrals the health care practice makes and receives is also of utmost importance.
- The purchaser should consider the intellectual property assets the health care entity may own. Does it have a federal or state trademark on its name or logo? Copyrighted publications or software? It is critical to investigate the status of any intellectual property associated with the health care entity and the ownership of such intellectual property.
- Organization culture should be assessed by evaluating the entity’s health care compliance program. The target entity must have a culture that supports and enforces its compliance policies and procedures and shows the compliance program is not an afterthought.
A few key questions to consider include:
- Is the organization acting in a way that shows it is a health care compliant entity?
- Have key players bought into the culture?
- Does the culture align with the anticipated culture moving forward?
- Does the health care entity have written policies and procedures that are followed?
- Does the target entity conduct effective training for its employees?
- Is there a compliance officer overseeing the program?
- Does that officer conduct audits and take corrective action as necessary?
- Does that officer have a direct chain of communication to the leadership of the purchasing organization?
- Are standards enforced through disciplinary actions?
If in conducting specific due diligence, the answer to any of the above questions is “no” it may be a recipe for buying many hidden and costly problems.
Assess the health care compliance program
Private equity’s knowledge of the strengths and weaknesses of the target entity’s compliance program is essential if allegations of fraud and abuse are made after the transaction closes. A private equity firm cannot be completely insulated from liability for prior bad acts of an acquired health care entity, but a robust due diligence process is essential to reduce this risk.
Here are the areas a private equity firm should explore and address in the seller’s representations and warranties:
- Compliance program. Does the organization and/or its entities have a strong compliance program that follows the U.S. Department of Health and Human Services’ Office of the Inspector General’s (OIG) Seven Elements of an Effective Compliance Program?
- Billing history. Having a health care auditor review a sampling of bills from each provider and deliver a report card on the billing practices can significantly mitigate potential risks.
- Government investigations. Are the entity or its providers the target of current or former governmental investigations, including any related to a Corporate Integrity Agreement?
- Privacy and security. An audit of the entity’s privacy and security program can prevent potential problems post-acquisition. Is the practice operating on a secure network? Are there workplace controls in place? Are HIPAA (Health Insurance Portability and Accountability Act) policies followed?
- OIG Exclusions Database. Referencing the database to search for individuals and entities excluded from Medicare is necessary. If the target or any of its employees or contractors are on the list, seek out further information.
- Proper documentation. Copies of all licensing documentation and surveys should be secured. Are providers appropriately licensed and credentialed and not under investigation or probationary status, including with a medical staff where the providers have privileges? Is the facility in compliance with licensing requirements, including, but not limited to any required Certificate of Need?
- Marketing. Do marketing arrangements fall under the guidelines of the Anti-Kickback Statute and the Eliminating Kickbacks in Recovery Act?
Furthermore, a purchaser should ensure that the seller’s representation and warranty disclosures attest, among other issues, that:
- The seller is defined to include those who have a direct or indirect ownership in the entity, including any managing officer, director manager or agent or any managing employee (e.g., as to their knowledge about overpayments);
- There are no known:
- Violations of state and federal fraud and abuse laws;
- Whistleblower lawsuits;
- Exclusions from federal or state payment program;
- Current or previous overpayment penalties.
Due diligence to this extent can take months but ultimately depends on the closing date set by the parties. Regardless of the timeline, due diligence is essential to protecting against government scrutiny following the purchase of a health care entity.
Consider service provider relationships
The due diligence process also needs to include reviewing any agreements that are in place with organizations and individuals that serve the seller.
For example, the purchaser should examine if the entity has hired any physicians to be a medical director. Are the medical director services bona fide services, clearly indicated in a written agreement, or is the medical director merely being paid in a manner that could be construed as a payment for referrals? Here, it is important to determine whether fair market value for enumerated medical director services reasonably aligns with the total compensation. If there are gaps, a government agency could infer illegal remuneration for referrals. All such contracts must be reviewed to understand the goals and payment structure and to be sure everything is reconciled.
The health care entity’s relationship with its outside vendors must also be considered, as well as relationships where the target health care practice is providing services, to ensure all are in compliance with fraud and abuse laws.
Happily ever after?
When the due diligence process is complete, look at the big picture. If red flags abound, a purchaser may want to call off the deal. Or, if there is a tolerance for risk, a purchaser could negotiate some allocation of liability — an indemnity agreement, for example — where a sum of the purchase price is retained and potentially withheld if a government investigation occurs post-closing due to the seller’s negligent billing practices.
The bottom line is that private equity investment in a health care entity must be sound from top to bottom. Examine the target organization in whole, ensuring there is a robust compliance program in place and that it is operating in proper fashion before pulling the trigger.
For more information on our work in the health care and PE realm, visit our Health Care Innovation Industry Team.