Compliance Due Diligence for Smart Healthcare Mergers & Acquisitions

With the pressure to lower costs and adapt to a more value-based model, it’s no surprise that mergers & acquisitions continue to impact the healthcare industry.  The industry has been steeped with M&A activity for more than a year now. New M&A announcements invade our inbox weekly.

As hospitals and healthcare systems strive to enhance operational efficiencies and gain financial strength joining forces can bolster productivity, increase negotiating power and improve quality. Over the past several months, we have seen numerous health systems come together to form some of the largest health systems in the country. Notably, the Dignity Health and CHI merger which is expected to close in the second half of 2018, bringing together 139 hospitals across 28 states with $ 28.4 billion in revenue.  Aurora Health Care and Advocate Health Care, the largest health system in Wisconsin and the largest health system in Illinois coming together to create the nation’s 10th-biggest non-profit health system. And Ascension Health and Providence St. Joseph Health who are in talks to create the nation’s largest hospital chain.

Bringing together the nation’s largest health systems is no small feat. Mergers and acquisitions tend to be extremely complex commercial transactions that require high levels of due diligence especially in highly regulated industries like healthcare. Maintaining compliance in the due diligence process is of high importance given all the standards, regulations and acts that healthcare providers adhere to for accreditation and compliance. Not to mention passing the grade with state and federal regulators and the Federal Trade Commission.

What is Due Diligence?

Due diligence can take on many different forms and pertain to a variety of different factors. In compliance with the Securities Act, the meaning of “due diligence” is typically associated with the systematic investigation of a variety of business matters such as contract management, vendor management, policy and procedure management, materials management, clinical operations, etc.  Due diligence implies that the committee conducting the investigation has made a “diligent or conscientious” effort to gather together all relevant and meaningful information relating to business. Typically for mergers and acquisitions, the acquiring organization takes a dutiful approach to reviewing all the financials, contracts, accounts receivables and payables and all other aspects of how the company being acquired has been conducting business.  And although compliance due diligence may identify and/or detect new issues, there is no guarantee of discovering all issues.

Who forms the due diligence committee?

The due diligence committee members are typically comprised of legal counsel, chief financial officers, chief executive officers, chief compliance officers, risk managers, presidents, and board members.

Legal counsel plays a key role in protecting an organization by examining pending legal matters against an organization, limitations of liability and associated concerns in contracts.

Chief Compliance Officers or the office of Compliance plays a crucial role in identifying risks and/or gaps within compliance programs and processes.  For instance, if an organization is reliant on manual paper-based processes, the compliance due diligence task can be lengthy and daunting. Properly identifying risk and liability can be a complicated process which can lead to delays of the M&A.

Minor infractions, major complications

During the due diligence process, minor infractions and major complications may be identified. Minor infractions can consist of a pending bill issue already under review by the Centers of Medicare & Medicaid Services (CMS), Medicare Administrative Contractors (MACs) or the Office of the Inspector General (OIG).  Another infraction could be a privacy breach that is being investigated by the OIG or that the organization has not yet discovered. The infractions can impact the overall valuation and potentially lead to greater liability.

Process and operational system review

Reviewing all the processes and systems implemented during the due diligence process is important to help identify and understand potential risks and liabilities.  Asking questions such as “how are contracts management and filed?”, “What EHR system is deployed?”, “Are there policies in place for Cybersecurity and are they readily available to staff?” are key in the discovery phase. Conducting a situational analysis during due diligence is critical to obtain a deeper operational understanding.

Below is a partial list of the subject-based and task-based systems that should be reviewed and evaluated:

• Electronic health records – is the infrastructure in compliance with PHI?
• Policy and Procedure management – is it a commercial-grade system designed for healthcare or paper-based system and are policies in compliance with accreditation? Can staff find the right policy at the right time?  How are the policies and procedures managed?
• Contracts management – can procurement, legal and materials management easily manage the contract lifecycle and are they aware of any contract issues, upcoming renewals, etc.?
• Vendor management – what systems are in place to manage and validate vendors in real-time against the federal and state sanction database and OIG exclusion list?
• Billing – integration and interoperability with other systems?
  

Mergers and acquisitions are not for the faint of heart.  While the due diligence process promotes transparency, maintains integrity and adds value to all M&A stakeholders, it can be extremely time consuming, and daunting. Putting the right due diligence process in place helps streamline full and fair disclosure, minimizes risk, preserves compliance and is the ultimate key to a successful merger. 

For more insights on compliance due diligence for a healthcare merger and acquisition, check out this article by Saud Juman, CEO, PolicyMedical and Shawn DeGroot, President, Compliance Vitals published in the September issue of Compliance Today.

Tracy Staniland

Tracy has over eighteen years of progressive B2B marketing experience working with software companies based in Toronto, Canada. She enjoys interacting with customers and leveraging content marketing to provide informative content that enables customers to make informed business decisions. Tracy is an avid antique teacup collector, practices yoga and loves animals.

How to Write Consistent Policies and Procedures
06/12/2018

How to Achieve Accreditation Readiness
22/11/2018

3 Ways Technology is Changing the Healthcare System
08/11/2018

Starting Out as a Compliance Officer: 5 Proven Steps to Success
08/11/2018

Most Common Healthcare Policy Writing Mistake
25/10/2018

5 Common Healthcare Compliance Roadblocks
11/10/2018