Most lawyers specializing in mergers and acquisitions (M&A) apply a standard approach to handling acquisitions and divestitures across a broad spectrum of industry contexts, calling in subject-matter specialists as needed to review specific representations and warranties or to address other discrete issues that arise. While this process can be successful for transactions in many industries, the complex web of statutes and regulations governing the business of health care necessitate a more integrated approach when managing any health care-related M&A transaction. This has never been more important than today, as health care entities strive to implement the requirements of the Patient Protection and Affordable Care Act. This article discusses several areas of health care law that are of critical importance to entities seeking a successful health care M&A deal.
The traditional process of evaluating the financial health and performance of a health care entity based on its cost structure, payer mix and volume indicators is being supplemented by a focus on quality of care that can meaningfully affect the value of a target entity. For example, the new Hospital Value-Based Purchasing (VBP) Program adopted by the Centers for Medicare & Medicaid Services (CMS) will adjust payments to acute care hospitals based on patient outcomes. Specifically, beginning in January, the VBP program requires that the CMS withhold a percentage currently 1 percent but rising to 2 percent by 2017 of all federal payments to acute care hospitals. The CMS will distribute the approximately $850 million in annual withholdings to hospitals that participate in the VBP program in lump-sum payments based upon each facility's performance under 25 quality metrics, eight of which are directly tied to patient satisfaction.
Particularly in light of hospitals' narrowing profit margins, the likelihood that a hospital will recoup the amounts withheld by the CMS under the VBP program could have a significant impact on purchase-price negotiations in an M&A transaction. Potential buyers have several avenues to assess the likelihood of payments under the VBP program, including analysis of "preview reports" issued by the CMS and comparison of an individual hospital's performance to the CMS's Hospital Inpatient Quality Reporting Program. But even after review of such resources, buyers and sellers are likely to disagree on the amount of a target's expected VBP program payment. This uncertainty may be addressed in the acquisition agreement through a mechanism such as a holdback or a post-closing adjustment for any difference between the estimated and actual VBP program payments.
Protected Health Information
While nondisclosure or confidentiality agreements suffice to protect buyers and sellers conducting due diligence for non-health care entities, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires a more robust "business associate agreement" between a health care organization and any entity with which it shares protected health information (PHI), including a potential buyer.
The omnibus final rule that was recently adopted by the Department of Health and Human Services' Office for Civil Rights (OCR) implements numerous changes to HIPAA, including: (1) making business associates directly liable for unauthorized use or disclosure of PHI; (2) requiring that affected individuals, the OCR and, under certain circumstances, the media, be notified of PHI breaches unless a covered entity or business associate can demonstrate that there is a low probability that the PHI has been compromised based on specific risk assessment criteria; and (3) substantially increasing the fines and penalties arising from a breach of HIPAA. Accordingly, parties contemplating a health care M&A transaction must be extremely mindful of the privacy and security of any PHI that is exchanged. In particular, sellers compiling electronic data rooms should disclose only the minimum PHI necessary to respond to a potential buyer's due diligence requests and should take advantage of features that restrict printing or downloading of documents that contain PHI. And for their most sensitive documents, sellers may even consider requiring that a buyer review hard copies in a physical data room.
Participating providers in federally funded health care programs such as Medicare and Medicaid must certify on an annual basis that their billings and operations comply with federal regulations. Because failure to certify may lead to de-activation of an organization's provider number and ineligibility to receive Medicare and Medicaid payments, sellers should not only represent and warrant that all prior certifications have been duly made, but they should also covenant that any certifications falling due between signing and closing will be timely made. Potential buyers should also be aware that violations of the certification requirement based on violations of the Stark, anti-kickback or Civil Monetary Penalty statutes may lead to penalties under both those statutes and the False Claims Act, which may include treble damages and criminal penalties. And as the federal government realizes a recovery of $7.90 for every dollar it spends on health care-related fraud and abuse investigations (yielding a return of $4.2 billion in 2012), the rate of health care fraud and abuse investigations is expected to increase. (See Health Care Fraud and Abuse Control Program Annual Report for Fiscal Year 2012 at http://1.usa.gov/WTXQ2G.) In light of the significant monetary and other penalties that may apply to such violations, potential buyers should insist that sellers retain liability for all pre-closing certifications either through a specific indemnity or through "flat" representations and warranties that are not subject to knowledge qualifiers, disclosure schedules or other limitations.
Medicare Provider Number
One of the most critical decisions in any health care M&A deal is whether the buyer will assume the seller's Medicare provider number or instead apply for a new number. Assuming the seller's provider number enables a buyer to bill Medicare and other federal health care programs without interruption for the lengthy provider number application process, all liabilities arising under the old number will transfer to the buyer with the change of ownership. These liabilities which include liability for recovery audit contractor (RAC) overpayments and investigations under the Stark, anti-kickback, Civil Monetary Penalty or False Claims Act statutes can be substantial, will likely be unknown at the time of the transaction and may fluctuate over time. Accordingly, a buyer who elects this approach must pay careful attention to the provisions of the acquisition agreement that will protect it from such liabilities. For example, because the three-year look-back period for RAC audits exceeds the 12-to-24-month period that limits survival of representations and warranties in most M&A transactions, a buyer should seek either a specific indemnity for RAC audit liability that is not subject to a limited survival period or an extension of the survival period to cover the three-year look-back period. In addition, a buyer who assumes the seller's provider number should avoid consequential damages waivers that may limit the buyer's ability to receive indemnification for punitive or treble damages that could apply under the Stark and anti-kickback statutes.
Alternatively, a buyer may elect to avoid assumption of such seller liabilities by obtaining a new Medicare provider number. The downside to such an election is that, because payments for treatment of Medicare beneficiaries are not made without a valid Medicare provider number, the buyer may be ineligible to receive such payments for an extended period while a new number is obtained. Although sub-regulatory guidance directs Medicare administrative contractors to process initial enrollment applications within 60 to 180 days of receipt, the process may extend well beyond that period because of administrative inefficiencies or provider error. Because the buyer's provider number application cannot be filed until the transaction closes, the buyer must be prepared for an extended period without cash flow during the application processing period, even if the buyer begins treatment of Medicare beneficiaries immediately following closing. A buyer that has the financial ability to wait for its Medicare payments and chooses this option will want to ensure that its enrollment application is filed with the CMS immediately upon closing. To do so, the pre-closing conditions and covenants in the acquisition agreement should require that the seller provide, at or prior to closing, all information, supporting documents and other cooperation that the buyer will need to complete the enrollment application.
While a comprehensive review of the ways in which health care laws affect M&A transactions is beyond the scope of this article, the foregoing examples serve to illustrate how specific health care laws affect various aspects of M&A transactions, from purchase price calculations and payment mechanisms, to representations and warranties, conditions, pre- and post-closing covenants and indemnification provisions. Because these effects may not be evident to an M&A practitioner who lacks specific training in health care law, entities engaging in M&A activity involving health care businesses are well advised to seek counsel who are not only experienced in M&A law but who also have specific knowledge and experience regarding the impact of health care law on M&A transactions.
Douglas A. Grimm is a partner at Stradley Ronon Stevens & Young and chair of the firm's health care practice group. He previously served as chief operating officer of multiple acute-care hospitals throughout the United States and remains active as a Fellow of the American College of Healthcare Executives. He can be reached at 215-564-8539 or email@example.com.
Alycia M. Vivona is an of counsel at the firm, where she handles complex mergers and acquisitions, corporate restructurings, secured lending and intellectual property licensing matters. She can be reached at 202-419-8424 or firstname.lastname@example.org.