Compliance due diligence for a merger and acquisition

by Saud Juman and Shawn DeGroot, CHC-F, CCEP, CHRC, CHPC

Saud Juman (sjuman@policymedical.com) is CEO at PolicyMedical in Ontario, Canada. Shawn DeGroot (shawn@compliancevitals.com) is President at Compliance Vitals in Sioux Falls, SD.

Today’s medical business landscape is driving hospitals, systems, and smaller physician groups to partner with other organizations to gain a competitive edge and/or improve efficiency. Almost all these entities will, at some time, consider the possibility of consolidation. Mergers and acquisitions (M&A) in particular are viewed as opportunities to manage cost pressures, improve market position, increase capital access, and bolster infrastructure.

For these partnerships to succeed, however, both the acquirers and acquirees must complete a full, top-to-bottom self-assessment, taking into consideration many aspects of their current operations. One area that is too often overlooked is the process of compliance due diligence. Risk exists without performing compliance due diligence during an M&A, and indeed when entering into any organizational partnership. Furthermore, when companies do not address such matters efficiently, the consequences can be severe, ranging from reduced valuations, legal suits, and government fines. Most important is reputation capital or the erosion of consumer confidence and trust.

Minor infractions, major complications

Minor infractions uncovered during due diligence may include a pending billing issue already under review by the Centers for Medicare & Medicaid Services (CMS), Medicare Administrative Contractors (MACs), or the Office of the Inspector General (OIG). Another infraction might be a privacy breach that the organization hasn’t yet discovered, or one that has been reported to the Office for Civil Rights (OCR) and not yet reported to the entity. Usually such problems can be addressed as they arise; however, an accumulation of issues, or the emergence of more extensive problems, can impact valuation and lead to greater difficulties regarding accountability and liability.

For instance, if the appropriate coding and billing documentation review isn’t performed and a system’s value is overstated due to upcoding, lack of documentation, or an inappropriate hard code in the charge master, overpayments and associated regulatory consequences may be the outcome. More importantly, when the term agreements are based on flawed earnings numbers, the value of the acquisition may be overstated. In all of these scenarios, the question becomes, “Who owns the liability and who is going to pay?”

The non-negligible likelihood of the above scenarios makes it critical to include contract language that clarifies the liability or a waiver of liability for any impropriety discovered within 90 days of the contract effective date. Even with such language in place, compliance due diligence cannot provide a 100% guarantee of identifying all areas of risk.

In the due diligence process, the Legal department plays a key role in protecting an organization by examining pending legal matters against an organization, limitations of liability, and associated concerns in contracts. Conversely, Compliance plays a crucial role in identifying risks and/or gaps within a process or compliance program. If an organization is reliant on manual processes, the compliance due diligence task can be quite daunting. Properly identifying risk and liability can be a complicated process and can lead to delays of the M&A; therefore, collaborating with Legal by establishing clear lines of communication to and from Compliance is key to continue forward movement. If an operation is clearly unorganized, mismanaged, and lacks effective compliance program oversight, the speed of completing due diligence may also lead to a delay with the M&A. Both are at risk of real consequences if accurate information isn’t forthcoming or isn’t detected.

One element that often complicates the due diligence process is when one or both sides do not have adequate time and resources to review important elements thoroughly. In the area of compliance, for example, the review process is more time-consuming when a system is not consolidated within their operational structure. If entities within a system operate independently or in siloes, and the programs, processes, contracts, and policies are de-centralized, additional time will need to be allocated for the compliance review. Modern approaches that include automated management systems that are accessible across a health system can dramatically improve the speed and accuracy of these crucial reviews.

This document is only available to members. Please log in or become a member.
Become a Member Login
 


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field

First name field cannot be blank!
Last name field cannot be blank!
We will send you an email that will give you access to this entire article.
Email field cannot be blank!
Enter a valid email!
Company field cannot be blank!
Enter a valid company!
Title field cannot be blank!

We're committed to your privacy. The Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA) uses the information you provide us to contact you about our relevant content, products, and services. For more information, check out our Privacy Policy.


About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook X LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings