The investor-backed provider community may be feeling pressure and facing scrutiny from various angles in 2024, as federal and state agencies implement complex pre-closing review processes for healthcare transactions from an antitrust and oversight perspective. In addition, federal and state agencies continue to focus their efforts on combating fraud and abuse. On the economic side, high interest rates impact valuations and execution risk.
As these factors affect deal flow and company margins, healthcare portfolio companies may want to focus on internal platform clean-up actions and implement compliance measures to best position themselves in this environment. It is no surprise that quality assets continue to drive higher valuations, as discussed recently at the 20th Annual Healthcare Private Equity and Finance Conference; therefore, ensuring quality compliance programs at all levels of a company remain crucial.
The following are 10 actions healthcare portfolio companies can take for ongoing success in the market today and in preparation for an exit.
1. Address noncompete changes. The Federal Trade Commission (FTC) issued a final rule that invalidates most noncompete clauses and makes it an unfair method of competition to enter into new noncompete clauses after the comprehensive ban takes effect on Sept. 4, 2024 (if it is not paused by courts prior to such date). Many healthcare providers will want to start bringing business practices into compliance with the final rule and review their clauses to understand the impact to their businesses.
Healthcare platforms should (1) consider assessing which personnel have noncompete provisions; (2) assess other restrictive covenants to see if the agreement’s confidentiality, nonsolicit and trade secret provisions accomplish what is necessary to protect the platform’s interests without reaching the FTC’s prohibitions; and (3) develop a strategic plan, including whether to enter new forms of restrictive covenants before the final rule’s effective date. In addition, for new arrangements before the final rule takes effect, healthcare platforms will want to (4) include severability language to ensure the agreement remains enforceable even if the noncompete is unenforceable; (5) tailor any restrictions narrowly to maximize the likelihood of being upheld under applicable state law if this final rule does not take effect; and (6) document new restrictions and their applicability to post-employment relationships to fulfill the affirmative obligations of the final rule to alert employees that the clause will not be enforced.
For healthcare providers considering each of these proactive measures, there is not a one-size-fits-all approach. Healthcare providers should continue to monitor updates as court challenges may impact initial organizational decisions in response to the final rule. Healthcare platforms can learn more about the rule in FAQs: An Essential Guide for Healthcare Leaders Navigating FTC’s Non-Compete Ban (April 26, 2024).
2. Adopt an antitrust compliance policy/program. Federal and state antitrust enforcers expect healthcare providers will have a separate antitrust compliance program as part of their overall compliance program. In addition, the FTC, Department of Justice (DOJ) Antitrust Division and state antitrust enforcers recently put private equity (PE) healthcare investments in their focus, increasing the likelihood that a PE-backed provider organization platform could find itself under investigation as part of a merger clearance process or an investigation into its operations, particularly with respect to payer contracting practices, employee compensation and recruiting, and growth strategies. The FTC also has a new portal where any person in the public can report healthcare competition complaints or issues for the FTC and the DOJ to review.
In light of this increased attention, there is no better time to implement an antitrust compliance policy and program or review existing ones. Because there is no entity too small to be subject to a criminal or civil antitrust enforcement action and individuals can face jail time in healthcare antitrust matters, it is imperative that companies and teams have the tools to identify and avoid antitrust risk. The DOJ Antitrust Division made it clear it will consider whether a company had an effective antitrust policy in place prior to discovering potentially unlawful conduct when deciding whether to pursue an enforcement action as a civil or criminal matter and in considering how to resolve a criminal matter. Such consideration can be critical for a healthcare provider because a conviction can result in Medicare/Medicaid debarment. In addition, whether a company has a policy may figure into a criminal sentencing calculus and may result in lesser consequences and fines.
Implementing such a program can better position the company in a strategic transaction, as many buyers are making antitrust risk a due diligence priority. Most importantly, an antitrust compliance program that includes targeted training means that all team members in competitively sensitive areas of the business, including human resources, managed care, procurement and business development, can help manage and reduce antitrust risk.
3. Be prepared for significant changes to the Hart-Scott-Rodino (HSR) Federal Merger Review Process. In 2023, the FTC issued a notice of proposed rulemaking that, if adopted, would significantly amend the rules and instructions governing the scope of information that must be submitted in a pre-merger filing under the HSR Act. The final rule may be introduced soon and will go into effect quickly thereafter. Under the HSR Act, parties to qualifying transactions must notify the FTC and DOJ of the transaction by submitting an HSR form and certain documentary attachments and let a waiting period expire before closing.
Once the new rule is effective, parties entering into transactions that require an HSR filing, including platform recapitalizations and sponsor exits, should expect the following:
- The process to prepare and gather the information required for the filing will likely be significantly longer and more resource-intensive (although certain regulators seem to signal that the final rule will be less burdensome than the proposed rule).
- Parties may need to submit more details about their businesses, including corporate structure and the relationships among PE entities and other investors, and about the proposed transaction as part of the pre-merger filing process — even for deals with no substantive antitrust issues.
- Parties may also need to submit ordinary course business documents that were not prepared specifically to evaluate the transaction but that discuss pre-merger and future competitive dynamics and strategies broadly.
Parties considering transactions should consider how they would comply with the document preservation and retention obligations, which will apply earlier in the process under the new HSR rules. Document preservation measures and suspension of auto-delete functions in a company’s IT environment and messaging applications (e.g., apps that do not save conversations) will need to be implemented to comply with the DOJ’s and FTC’s expectations and avoid serious consequences. Doing so will require planning across departments of the filing parties.
4. Track and document achievement of pro-competitive goals. Providers should not assume they will get credit for increasing quality, improving conditions for workers, decreasing cost and increasing access to care unless they track and document the same for presentation in the context of a government deal review or investigation. Clients frequently recite stories about drastically improving care for their communities, but these stories often are anecdotal and not supported by data. Parties should set out the goals of an investment prior to any transaction and then set, track and document targets throughout the investor’s hold period. This information can then be used during state and HSR filing processes and will help tell the story of the investment to prospective partners (such as transaction partners, lenders, etc.). It’s also a helpful management tool during an investment period to confirm performance objectively against pre-transaction goals.
5. Know the pre-transaction state filing requirements. More and more states require pre-closing notice or review and approval of certain transactions to gain additional insight into potential antitrust issues and healthcare access, quality, cost and equity concerns related to qualifying transactional activity. States increasingly require this even for smaller-scale physician practice acquisitions and other deals not typically subject to pre-close scrutiny. As of the publication date of this alert, the following states have pending or active laws related to pre-transaction notification or review and approval requirements for transactions beyond hospital transactions: California, Connecticut, Illinois, Indiana, Massachusetts, Minnesota, Nevada, New York, Oregon and Washington. Other states, including Maryland and Pennsylvania, are considering similar requirements. The laws can make it more difficult for healthcare platforms to complete their M&A goals, which may necessitate further review and planning.
6. Review compliance policies and plans against new OIG guidance. In November 2023, the U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) issued the General Compliance Program Guidance (GCPG) for healthcare providers and other industry stakeholders. OIG intends for members of the healthcare sector to use the GCPG to create and maintain an appropriate compliance program. The GCPG continues to demonstrate OIG’s emphasis on the need for compliance as part of each healthcare industry actor’s goals and operating practices. Much of OIG’s guidance is not new, but it reinforces past statements and formalizes insights learned from past enforcement and corporate integrity agreements. In that context, the GCPG provides a useful primer for healthcare industry leaders. Note, however, that OIG guidance does not cover antitrust compliance programs, which must be separately implemented, as discussed above.
The GCPG also highlights the importance of compliance expertise and considerations for entities that may not be “traditional” healthcare industry players but have an expanding role in the industry, including private equity funds and investors, digital health entities and technology companies.
McGuireWoods published an alert summarizing this guidance including 10 action items to address in 2024 to build a strong compliance culture.
7. Implement frequent billing and coding audits in light of increased FCA cases. In February 2024, the DOJ reported that the FCA settlements and judgments in the fiscal year ending September 2023 exceeded $2.68 billion, and the same period saw the highest number of settlements and judgments in a single year. McGuireWoods reported on FCA cases in 2023 in connection with improper physician relationships, alleged kickbacks related to medical device distributors and alleged kickbacks by durable medical equipment suppliers, among others. The industry does not expect the DOJ’s focus on fraud and abuse to slow in 2024.
To mitigate a portfolio company’s risk of becoming a target of FCA actions, in addition to taking all billing and coding complaints by patients, employees and others seriously, companies can proactively conduct frequent and periodic internal and external billing and coding audits. It’s important to understand whether the company is an outlier when it comes to revenue, evaluation, and management-level 4 and 5 codes, and individual provider productivity levels as compared to similarly situated companies, as outlier companies will be common targets for government probes. When conducting billing and coding audits, companies must also remember Centers for Medicare & Medicaid Services’ (CMS’) rule that places an obligation on providers to repay overpayments within 60 days of identification.
8. Verify Medicare enrollment ownership and location reports. Healthcare providers face more review of their enrollment records from CMS. In some instances, providers have been contacted by CMS and their Medicare administrative contractors (MACs) to verify that their ownership information, as reported in Medicare enrollment records, is accurate. While generally, technical failures to update ownership information are not significantly punished, this outreach serves as an important reminder to providers of their regulatory obligations to accurately report and update ownership information in Medicare enrollment filings or face severe penalties. In some recent circumstances, providers faced administrative sanctions and had to appeal billing privilege revocation for failure to update ownership, officer information and/or clinic location address information.
One example of this focus are letters from CMS to enrolled providers with two or more enrollments under one tax identification number when it finds inconsistent ownership information. Such multiple enrollments can occur when providers add service lines such as DME, prosthetic, orthotic and other supplies, locations straddle multiple MACs, or the provider has grown over time. A second example is that CMS now requires that nursing homes disclose their PE and real estate investment trust investors. Such information can be disclosed publicly, as CMS released in 2023 the ownership data of all hospice and home health agencies, with more such public disclosures anticipated in the future. This information can then be further scrutinized.
Typically, Medicare enrollment filings do not rise to the level of provider’s leadership or owners to review, but instead, to lower-level staff members to submit such information. An internal compliance audit can help ensure submitted information is correct and leadership changes are disclosed. Providers should proactively update Medicare enrollment data to safeguard Medicare billing privileges.
9. In anticipation of potential audits, review COVID Provider Relief Fund compliance. To provide relief to providers and businesses whose operations were impacted or shut down as a result of the COVID-19 pandemic, federal and state governments provided financial assistance in the form of grants, awards and loans. Now, after billions of dollars have been funneled into businesses and providers during the public health emergency, there is an increase in audits and recoupment actions to ensure recipients of COVID-19 funds complied with applicable program rules.
Recipients of funding may be subject to single audits. Office of Management and Budget rules require organizations that spent more than $750,000 of federal funds in a year (including via the Provider Relief Fund) to undergo a single audit. In addition to the single audits, the OIG announced it will perform its own audits to determine whether Provider Relief Fund payments were: (1) correctly calculated, (2) supported by “appropriate and reasonable” documentation and (3) made to eligible providers. It will be important for any provider who received a portion of the Provider Relief Fund to ensure compliance with the detailed Provider Relief Fund requirements including maintaining documentation to support such providers eligible for the funds. Because government guidance changed over time, providers should ensure compliance with the final terms. Consider documenting choices made earlier in the process before guidance finalized and work with accountants/auditors on the use of COVID-19 related funds.
10. Implement a nondiscrimination policy and other operational changes to comply with ACA Section 1557. Earlier this year, the HHS Office for Civil Rights and CMS published their final rule on nondiscrimination (the 2024 rule) under Section 1557 of the Affordable Care Act (ACA). The 2024 rule departs in significant ways from the 2020 rule and will apply to nearly every healthcare provider in the country. Section 1557 prohibits discrimination on the basis of race, color, national origin, sex, age or disability in health programs or activities that receive federal funding, including Medicare and Medicaid. The 2024 rule is effective July 5, 2024, although covered entities have between 120 and 365 days after the effective date to comply with certain provisions. Generally, healthcare platforms are going to need to implement at least eight requirements under the 2024 final rule, including:
- appoint a coordinator by Nov. 2, 2024, to coordinate with the platform’s responsibilities under Section 1557 and its regulations;
- implement Section 1557 policies and procedures by July 5, 2025, on the following — (i) nondiscrimination policy, (ii) grievance procedures, (iii) language access procedures for those with limited English proficiency, (iv) effective communication procedures for those with disabilities, and (v) reasonable modification procedures for those with disabilities;
- train relevant employees on the policies and procedures within 30 days of adopting them;
- provide patients a notice of nondiscrimination by Nov. 2, 2024;
- provide patients a notice of availability of language assistance services free of charge by July 5, 2025; and
- identify and mitigate nondiscrimination in the use of patient care decision support tools, such as artificial intelligence, by May 1, 2025.