Compliance Risk Mitigation in Healthcare Mergers & Acquisitions

Mergers and acquisitions permit healthcare organizations to expand their scope of services and access to care for their patients. Although slightly down from last year, Modern Healthcare reported in a recent survey that 44% of executives plan on using mergers and acquisitions (M&A) as their preferred strategy for growth in 2019¹. Traditionally, financial, operational, and legal analysis have made up diligence efforts; however, compliance due diligence is playing an increasingly critical role in such transactions.

Compliance due diligence seeks to identify red flags for the buyer in order to permit a greater understanding of the seller’s risk profile related to past or ongoing violations of the laws, including Stark, Anti-Kickback, False Claims Act, and data protection and privacy laws, or other patterns of misconduct, to ensure issues are addressed prior to the transaction’s close and/or to determine whether the terms of the deal will need to be changed.

Further, in general, the successor in a merger or stock transfer will be held liable for prior violations of the acquired company, and the Department of Justice (DOJ) has high expectations pertaining to compliance due diligence. In February 2017, the DOJ published the Evaluation of Corporate Compliance Programs, making expressly clear that when investigating a compliance violation within a healthcare organization that has recently been acquired, it will evaluate the due diligence processes applied as part of the transaction². This includes determining if the compliance misconduct was identified during due diligence, an inquiry into who performed the diligence, and the general process employed.

Further, it has made clear that it expects to see an effective process post-acquisition for addressing misconduct or misconduct risks identified during the diligence process.Finally, the post-transaction period permits the buyer to focus on and improve overall compliance and should be implemented as soon as possible in the post-transaction period, including addressing misconduct or risks identified during the due diligence process and implementation of the acquirer’s compliance program.

What You Can Do:

• Engage a reputable third party to perform compliance due diligence.
• Begin compliance due diligence early in the transaction process.
• As part of compliance due diligence, perform a discovery audit of the documentation, coding, and billing practices of the providers, where relevant.
• Ensure the compliance program of the buyer has been recently refreshed and embodies best practices.
• Where a rapid close cycle prevents a full compliance due diligence effort, engage a third-party compliance expert to evaluate the status of the acquired practice’s compliance program in the immediate post-transaction phase so that risks and misconduct can timely be identified, mitigated, and disclosed where necessary.

Contact Us