Glenn P. Prives, Of Counsel, McElroy, Deutsch, Mulvaney & Carpenter
Glenn P. Prives, Of Counsel, McElroy, Deutsch, Mulvaney & Carpenter

Several fundamental factors continue to make the health care services sector an attractive target for a broad range of financing transactions. An aging population, ongoing development of innovative drugs and technologies and a fragmented and inefficient delivery system are expected to drive industry disruption, consolidation and growth over the coming decade. But there are several legal and regulatory risks inherent to health care businesses, which lenders must first take into account.

The health care services landscape is diverse. In addition to large hospitals, health systems and physician practices, it encompasses an extensive range of retail businesses — with many firms operating on a regional or national basis — which provide pain management, anesthesia, ambulatory surgery, imaging, urgent care, dental care, health information technology, rehabilitation and addiction treatment, physical therapy, home health care, cancer and oncology-driven care, chronic disease management, wound care, hospice care and skilled nursing.

Increased competition in the health care services sector over the past five years has fueled the need for working capital for expansion. This spike in demand has been addressed by experienced health care financing sources and has attracted non-bank lenders and private equity firms which are far less familiar with key factors and potential risks unique to health care service companies.

Whether new or experienced in the sector, financing sources must take six potential landmines into account.

1. Improper Coding and Billing

Regulators often scrutinize providers for actual or suspected improper coding, upcoding and/or insufficient documentation in the medical record to support the service rendered. The code selected correlates to the reimbursement paid to the provider for the service. Improper coding, regardless of the underlying reason, can result in payment denial, civil penalties and/or criminal penalties depending upon the severity, frequency, intent and other factors. Lenders are well-advised to audit and evaluate a potential partner’s coding and billing practices.

2. Compliance Risk

Some providers are required by law to implement robust compliance programs, while others are not mandated to do so, although it is recommended. Future changes could make a compliance program mandatory even for those currently not obligated. Compliance programs consist of more than just a binder of policies and procedures collecting dust on the shelf; they include regular audits, risk management programs, updates, education and other factors. An in-depth audit of a potential partner’s compliance program and implementation history is mandatory.

3. Physician Self-Referral (Stark) & Anti-Kickback Laws

The Stark Law and Anti-Kickback Statute, among other fraud and abuse laws, place strict limitations on relationships between providers and potential referral sources. Valuable keys predicting the success of a provider’s financial stability can be embedded within an opaque and tangled regulatory maze. These potential liabilities extend beyond the federal Stark Law and Anti-Kickback Statute and include various state versions of those laws, some of which mimic their federal counterparts and others which are completely different. While these laws may not apply to the ownership structure of the provider, other types of relationships may be governed by the laws, which may have an impact. There may also be exceptions or safe harbors protecting against liability under such laws depending upon the structure of the applicable financial arrangements.

For outside financial partners, fraud and abuse laws present significant challenges because quick expansion or modification of practices may not be possible. It’s always prudent to realize in health care, a good business idea can easily turn into fraud and face an abuse challenge. While it may be possible to pursue the business goal, achieving a profitable result could be much different and costlier than initially envisioned.

4. Corporate Practice of Medicine Doctrine

The Corporate Practice of Medicine Doctrine essentially bans unlicensed individuals and entities from practicing medicine by restricting non-physicians from employing licensed physicians. Some form of this doctrine exists in many states, but it is not identical across the states employing it. Arrangements in which non-licensees have financial stakes in professional service entities, through direct ownership or management arrangements, must be carefully scrutinized. When state laws are involved, don’t assume one model will work in every state.

5. Licensing Issues

Many states require certain types of health care facilities to be licensed and, in some instances, to obtain a certificate (or determination) of need before becoming licensed. Ensuring the facility has all of the licenses and permits it needs is vital. Penalties for non-compliance can range from daily fines to a facility’s complete shutdown. Again, requirements vary from state to state. Additionally, an investment, depending on the structure, may trigger a change of ownership or control which requires notice or consent of a licensing authority. A change in ownership of less than 50% of the licensed entity may still require notice or approval. Additionally, depending upon the type of license and plans connected to the transaction, determining whether a new license, where necessary, will be issued is essential. In some states, an official and/or unofficial moratorium may exist for issuance of new certificates of need and/or licenses.

6. HIPAA Protocol

For many years, the Health Insurance Portability and Accountability Act (HIPAA), as amended existed with little enforcement. That lax compliance environment has changed dramatically. Heavy penalties for violations, ranging in value from hundreds of thousands to millions of dollars, have been and continue to be imposed and publicized. The government will continue to examine providers, and to levy fines, related to their compliance with HIPAA, which includes having the required policies and procedures in place, conducting risk assessments and following mandated breach notifications.

HIPAA should always be a factor in early discussions between a lender and a target company. Proper due diligence should involve examination of a practice’s operations, records and other documents. This type of examination will require access to protected health information. HIPAA permits covered entities, the practice in this case, to share protected health information as part of a major financial transaction without making the lender or acquirer a business associate. However, consideration should still be given to the form of an appropriate confidentiality agreement and privacy and security protections for any protected health information shared and responsibility for a breach of confidentiality or a breach as defined under HIPAA.

In a financial transaction of any type, a complete understanding of health care laws is vital because related violations can lead to imprisonment, exclusion from government programs, criminal fines, civil liability, recoupment of payments made as a result of the violations and other serious legal consequences. A lender should consider whether the targeted health care services provider should resolve any violations prior to completing a transaction, either by paying monies owed or by voluntarily disclosing a violation to the government and reaching a settlement agreement. If such a remedy is required, waiting for resolution could significantly affect when a closing can occur. Outside capital providers should also consider the impact these violations might have on the provider’s market reputation and future revenue stream.

These six categories cover the most significant risks a potential lender should evaluate when exploring any type of financial transaction with a health care services provider partner. Given the current market dynamics, the prospects for achieving intended outcomes are promising, but proper and thorough due diligence is the key to success. In the complex and highly regulated business of health care, the due diligence requirement is significantly greater.