Jump to Navigation | Jump to Content
American Bar Association

ABA Section of Business Law

ABA Section of Business Law
Business Law Today
September/October 2000

Enforcement gets tougher

A primer for health-care deal makers


Y ou think you know all about due diligence? Think again. Unless you’ve done it when one health-care outfit buys another, you haven’t really done it all.

Health-care organizations and their lawyers operate in a complex environment. In 1993, the attorney general made fighting health-care fraud her top priority behind violent crime. Since 1993, the Clinton administration said the government has recovered more than $50 billion in fines and penalties and that health-care fraud convictions have increased by more than 240 percent. In 1999, nearly $500 million was returned to the federal government, a 65 percent increase from the previous year.

In the same year, the federal Medicare program denied approximately $5.3 billion in inappropriate claims for payments. Additionally, President Clinton proposed in his State of the Union address this year a new initiative, which would allocate $48 million to combat health-care fraud and abuse as part of his FY2001 budget.

In light of the government’s success and the political popularity of fighting health-care fraud, it is crucial that business lawyers representing health-care organizations understand the current regulatory environment. That is especially so when conducting due diligence in a client’s merger or acquisition of another health-care entity. Thus, while corporate and business lawyers may have conducted various corporate due-diligence reviews that focus on the acquired corporation’s records, contingent liabilities, property and other matters typically scrutinized in a due-diligence review, they must also understand an organization’s compliance with health-care regulations and statutes. Failure to do so could buy your client an extremely large liability.

The purpose of this article is to provide guidance to those conducting due-diligence reviews for their health-care clients. For our purposes, health-care clients include hospitals, physician practices, nursing homes and managed-care organizations.

This article does not describe the basis of liability or outline the elements for each of these laws and statutes. However, business lawyers who do not have regulatory experience or understand the myriad of federal and state health-care regulations facing their clients should defer to others who have experience in such matters.

First, assume that your client, WeCare Health Management Inc. (WeCare), is a hospital management company that manages facilities throughout the Southeast. In the past, your law firm represented WeCare in an employment-discrimination suit, and WeCare has used another law firm for its past two hospital acquisitions.

However, dissatisfied with its representation, WeCare’s CEO tells you that he wants to use your law firm in WeCare’s acquisition of Town Hospital (TH), located in a small community in Georgia. While your firm has never conducted a due-diligence review of a hospital, you assure the CEO that the firm will do an excellent job.

You begin to prepare a list of various areas that you normally examine in due-diligence reviews for your corporate clients. These include: corporate data and records, litigation information, environmental matters, financial statements and records, title and mortgage matters, tax information, correspondence with government and regulatory agencies, employee issues, etc. You are confident that you are covering the corporate bases.

However, you know that you will have to review various risk areas and operations related specifically to hospital regulations. You read the Wall Street Journal articles and remember all of the indictments of health-care company executives and their lawyers. How do you prepare a due-diligence request list that addresses fraud and abuse issues, and after compiling the list, how do you conduct any additional due diligence?

A number of federal and state agencies have authority to investigate and prosecute health-care organizations. The federal government investigates and prosecutes health-care organizations through the Department of Health and Human Services (HHS) as well as the Department of Justice.

The two relevant divisions within HHS are the Health Care Financing Administration (HCFA) and the Office of Inspector General (OIG). The HCFA oversees the administration of the Medicare/Medicaid programs, and the OIG is charged with protecting the fiscal integrity of these programs. One of the OIG’s main responsibilities is to investigate fraud and abuse allegations in the health-care industry. This office often collaborates with the FBI to lead government initiatives.

Within each state government, the state attorney general’s office is responsible for investigating and prosecuting health-care fraud and abuse through its Medicaid Fraud Units. It is important to emphasize that the DOJ coordinates its efforts with the OIG, State Medicaid Fraud Units, the IRS and other state and federal agencies. (See the sidebar on "Regulations.")

In addition to the laws and regulations in the "Regulations" sidebar, you should also understand the OIG Model Compliance Program Guidances, the OIG’s WorkPlan for FY 2000, HHS advisory opinions, your state’s Medicaid statute and accreditation guidelines.

The OIG has issued model compliance program guidelines for laboratories, home health agencies, hospitals and other providers. A compliance program is the establishment of internal controls within an organization that helps the organization comply with all applicable laws and regulations and identify and correct noncompliant conduct and practices.

In each compliance "guidance," the OIG specifies regulatory risk areas that the organization should address such as billing, contracting, referrals and medical necessity for treatment. Thus, when beginning to examine the risks of a provider, it is prudent practice to read any applicable compliance guidance.

Similarly, the OIG’s annual work plan outlines the areas that the agency plans to audit, investigate and prosecute. Similarly, the OIG and other federal agencies issue various publications (advisory opinions, fraud alerts, etc.) that outline areas the government is investigating. (You can get all this information from the OIG’s "Electronic Reading Room" at http://www.hhs.gov/progorg/oig/readrm/index.htm.) It is important to note that there are various other federal and state agencies (such as the IRS, the state Department of Medicaid) and accreditation agencies (such as the JCAHO) that may be investigating specific types of providers or that may be publishing guidelines like the OIG.

When planning your due-diligence review of a health-care organization, you must begin by understanding the unique risks of each type of health-care provider. Many of us have used due-diligence checklists and forms that uncover specific information about the health-care organization’s assets, liabilities and other important information. For all health-care providers, there are typical documents that you should review such as agreements with other providers, HMO insurers as well as Medicare and Medicaid.

However, you must also analyze the risks unique to the specific type of health-care organization, which most often are contained in the Medicare regulations, hospital manuals, intermediary and carrier manuals and case law. You must investigate how the organization’s operations and daily practices comply with specific federal and state regulations and laws.

For example, assume that Town Hospital has provided you with a list of its doctors that have been disciplined by the state licensing board. You should not end your due-diligence review here. Rather, you should investigate whether the disciplined doctors have been excluded from participation in the Medicare program.

The Balanced Budget Act of 1997 provides for civil monetary penalties for an organization contracting with individuals it knows or should have known are excluded from a federal health-care program. Additionally, federal law requires providers to conduct background investigations of senior executives, and in some instances, case managers, doctors and billing and accounting staff.

Failure to conduct such investigations jeopardizes the hospital’s contract with Medicare and Medicaid. Remember that federal insurance programs constitute the majority of a hospital’s livelihood.

You should also review arrangements and relationships between the hospital organization and its medical directors, doctors, vendors and third-party billing companies. Often, health-care organizations enter into arrangements that do not satisfy the safe harbors of the federal and state anti-referral statutes and implicate the private inurement provisions of the federal nonprofit IRS laws.

An example of a bad arrangement involved one in which a hospital CEO agreed in a letter to pay a doctor, who served on the hospital’s medical staff, to serve as medical director of the hospital. The CEO indicated in the letter that he would pay the medical director $20,000 annually for performing administrative services such as attending hospital meetings, recruiting for the hospital and overseeing quality-of-care issues. The doctor, a busy surgeon and the biggest rainmaker, in fact never conducted any of the administrative responsibilities or documented his time. He did, however, receive the $20,000 from the hospital.

Also, the parties did not execute a formal written agreement. Finally, the majority of patients referred were Medicare patients. Such an arrangement invokes the anti-kickback statute because there was not a formal written arrangement for a one-year term, and the arrangement did not represent fair market value.

It is important that you understand the relationships with the hospital corporate entity. In many instances, subsidiary corporations are created or joint ventures are entered into that implicate the anti-kickback statute. These types of arrangements not only provide the government with ammunition to extract civil monetary penalties, but also enable the government to pierce the corporate veil under state law.

To the extent that you may feel uncomfortable with interpreting numerous health-care regulatory issues, you should consult a lawyer familiar with health-care operations and regulations.

For the corporate lawyer, due diligence is one of the many components required in representing a client in a merger and acquisition. Since federal and state laws strictly govern health-care organizations, a merger and acquisition in the health-care industry presents unique challenges.

With the emergence of e-commerce and the Internet, federal and state governments are continually proposing new privacy laws to protect the confidentiality and security of health information. As these laws evolve, corporate lawyers face additional challenges in representing their clients. Thus, successfully representing a health-care organization requires a multi-disciplinary team of lawyers.

Schoen is counsel and Posey is an associate at Smith, Gambrell & Russell, LLP, in Atlanta

Back to September/October Business Law Today | Back to Business Law Home Page

Back to Top