Kusserow’s Corner: Regulatory Due Diligence is Critical in Mergers and Acquisitions

In the health care sector, Mergers and Acquisitions (M&A) take place on an average of twice a week. Some involve a single facility, others entire systems. The number has been increasing in recent years and is likely to continue, stimulated by health care reform and the Patient Protection and Affordable Care Act (ACA) (P.L. 111-148). For all M&A due diligence is an essential part of the process in providing vital information in assessing value and potential liabilities, prior to closing of a transaction with the provider. There are actually two standard types of reviews. The first are performed by public accounting firms that assessing financial accountability and viability by evaluating balance sheets, income statements, audit reports, and cash flow statements and projections. The second type is legal that examine the entity’s structure; business permits and/or approvals; employment and labor law compliance; environmental law approvals, permits and compliance; contractual rights and obligations; intellectual property rights and obligations; real property law compliance; securities and financing regulatory compliance; tax exposure risks; consumer protection law and exposure risks; international trade and export permits and/or licenses; previous and/or current litigation; media reports; and external consultants and/or advisors. In many cases highly competent accounting and law firms limit their scope to their areas of expertise which may not include healthcare regulatory compliance and thus too limited to address these types of potential problems.

In most business sectors these two types of reviews provide adequate information. However the health care sector is complicated by being a heavily regulated environment wherein health care facilities are subject to a tremendous number of state and federal laws and regulations that govern how business must be conducted. As such, there is significant risk that a purchaser can inherit serious regulatory liabilities for failure to comply with laws and regulations. In a surprising the number of cases, an acquisition is made only to find within a matter of months the entity is under investigation or discover a need to make disclosures and overpayments of millions of dollars. The underscores the need to determine what regulatory risks and exposures may exist prior to closure. It is also useful in establishing a future defence in case a problem emerges subsequent to closure on the deal.

Regulatory due diligence should identify any gaps in compliance with applicable health care related laws and regulations, as well as identify corrective action measures to mitigate liability exposure. Health care reform has already led to increased oversight and enforcement by the HHS Office of Inspector General (OIG), Department of Justice (DOJ), and FBI through legal enforcement initiative. In addition CMS has been employing a number of program integrity contractors, including RACs, ZPICs, MACs, MICs, and others to increase this effort. All of this should be properly accounted for in any M&A transaction.

Regulatory due diligence needs its own detailed set of protocols; and with the right kinds of experts, it can be performed quickly, efficiently, and at fraction of the cost of legal and financial due diligence. Experts can quickly identify areas of risk and vulnerability, beginning with the ten high-risk areas highlighted in HHS OIG compliance guidance documents for hospitals. They can examine the effectiveness of the compliance program, evaluation of internal monitoring of high-risk areas, claims audits and extrapolations, and the ongoing auditing processes of the health care organization.

High on the list for any reviews should be all the various types of arrangements with referral sources; the highest enforcement priority of both the DOJ and OIG and represents the majority of cases litigated and/or settled. The claims development and submission processes and controls should also be examined to ensure that there are not regulatory issues waiting to be discovered by CMS contractors or enforcement agencies. HIPAA and HITECH represent areas where compliance with privacy and security controls and management requirements are critical to avoiding potential liabilities. Other key areas that should be addressed are cost report development and reporting; EMTALA compliance; laboratory services, teaching physician program; Medicare bad debts, credit balances, one day stays and outpatient services, among others.

It is difficult to imagine why a party looking to make an acquisition would not want a regulatory due diligence. Problems will be identified by the reviews but are not likely interfere with the decision to acquire, but is very likely to not only avoid a future liability but puts on the table additional tools to improve the negotiation terms and conditions. In short, it can not only avoid future liabilities, but provide a tremendous return on investment. The financial due diligence is transaction analysis intensive in going over all the books and records of the organization; and the legal review also involves detailed examination of a large number of agreements, contracts, and other legal documents. Regulatory compliance experts know exactly where to look for any weaknesses without having to do a “deep dive.” With the right experts this can be performed in a matter of a few days, not months with the result of costing only a small fraction of the costs of either a financial or legal review. More on articles and information regarding M&A, Compliance Program Effectiveness Reviews, Physician Arrangements and other high risk areas are available at Compliance.com.

Richard P. Kusserow served as DHHS Inspector General for 11 years.  He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters.  The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow’s Corner Newsletter

Copyright © 2014 Strategic Management Services, LLC.  Published with permission.