Healthcare entities (both physician practices and ancillary service providers) continue to be a major component of many private equity acquisition and investment plans. However, healthcare acquisitions present several unique regulatory challenges and recent enforcement trends suggest that private equity investors face increasing exposure to liability under the False Claims Act (“FCA”), and other healthcare-specific laws and regulations.
Historically, private equity firms that invested in healthcare entities that ultimately were targets of FCA or other healthcare enforcement actions, have faced only modest direct liability where the conduct that gives rise to the enforcement action began pre-acquisition and where private equity is not alleged to have directly participated in the establishment of the allegedly problematic practices. Private equity’s financial exposure in FCA actions was primarily indirect: substantial reduction in value of the acquired entity. In some instances, this damage could be mitigated in ancillary litigation against previous owners, and in most instances, FCA risk could be reasonably incorporated into a private equity’s broader risk assessment.
This position, of limited direct exposure for private equity investors, is eroding. The Department of Justice is increasingly pursuing private equity investors arguing that private equity did or should have identified the misconduct in due diligence and that subsequent failure to change the preexisting conduct is sufficient to establish liability under the FCA.
As just two recent examples, the Gores Group recently agreed to pay the U.S. Government $1.5 million, and Ancor Holdings, LP agreed to pay $1.8 million. In neither case did the Government allege that the private equity target had any involvement in the initial establishment of the allegedly problematic practices.
This enforcement shift is likely to continue and highlights the importance of effective due diligence when acquiring a financial interest in any healthcare entity. Elliott Sauter, PLLC assists private equity firms in evaluating the operations of healthcare acquisition targets for compliance with applicable
State and Federal law. We also assist private equity firms facing actual or potential enforcement actions whose previous due diligence efforts have not been entirely successful. This dual role has given us the opportunity to draw some useful conclusions and takeaways for private equity firms trying to manage and mitigate their regulatory risk:
(1) Initial due diligence is critical but incomplete. Many structural and contractual arrangements that may give rise to FCA liability can be identified in the standard due diligence process, but other regulatory violations may be very difficult to identify in due diligence. It is important for private equity to understand the fundamental limitations of due diligence. Specifically, traditional due diligence is strongly dependent on document review. There is a significant gap between the methodology of a document-based due diligence review and the tools and techniques used by the government to identify and pursue enforcement action. Too often, we see enforcement actions where the investor did perform some initial due diligence that did not identify the relevant regulatory issue, but did not receive adequate instruction on the types and likelihood of regulatory problems that are unlikely to be identified from the process, and as a result miscalculated the residual risk. Successful healthcare investors know what they don’t know.
(2) In due diligence, private equity should prioritize evaluating the strength of an acquisition target’s positive compliance efforts as much as identifying potential regulatory problems. In enforcement actions involving private equity, we often review initial due diligence efforts and their efficacy. We frequently see an effective review of policies and procedures and at least some structural analysis (although we frequently encounter instances where the structural analysis did not address the specific structural issue that ultimately gave rise to the enforcement action). We often see little or no front-end analysis of the quality of a target’s positive compliance efforts (quality of compliance notes, efforts to supervise sales personnel, the strength of the compliance officer, quality and frequency of utilization review, etc.). For healthcare industry participants, who generally have not participated in any previous enforcement action, it can be less intuitive how positive compliance efforts and their documentation impacts an enforcement action. But we have seen substantial differences in enforcement outcomes between entities that have substantial positive compliance activities (particularly regular compliance notes) and those that engage in less extensive activities.
(3) The impulse to push all compliance activities to external attorney groups should be resisted. One organizational feature that we see consistently with private equity enforcement actions is that a very high percentage of compliance and due diligence activities are outsourced to third parties (usually attorney groups) and the private equity entity has little internal compliance resources and personnel. Attorneys are absolutely a critical component of an effective compliance/risk management plan for a private equity group in healthcare. However, efforts to minimize exposure that depend on outsourcing compliance efforts are increasingly unsuccessful. Attorney advice in enforcement actions is generally reviewed under the “advice of counsel” standard, which is often not favorable to defendants and always raises a myriad of ancillary issues (including potential privilege waiver problems). In addition, internal compliance personnel working in cooperation with external counsel generate more and different types of compliance materials that are generally more effective in the event of an enforcement action.
(4) Post-acquisition compliance activities can effectively mitigate risk. One major positive takeaway is that private equity firms can substantially reduce their direct and indirect exposure to FCA liability through post-acquisition compliance activities even if initial due diligence and the target’s pre-acquisition compliance program were sub-optimal. A strong contrast in pre- and post-acquisition operations can be very helpful in the event of future enforcement action. Documenting consistent compliance-focused action is key.
If you have additional questions regarding due diligence best practices or how to implement an effective compliance program, or if you need assistance with an actual or potential enforcement action, please do not hesitate to contact Michael Elliott at 469.758.4152. In addition, Elliott Sauter attorneys have recently given presentations on related subjects. Recordings are available at https://healthcaremsoconference.com/webinars/.