1. Introduction
According to the 2021 ABA Private Target Mergers Acquisitions Deal Points Study, 99% of the acquisition agreements studied included a “compliance with all laws” (Compliance) representation and warranty (RW). Within those RWs reviewed, 82% included some RW on whether the target received notice of a violation or law, 30% included some RW on whether the target received notice of an investigation of a violation of law, 19% were RWs that covered past and present compliance, and 2% included some type of knowledge qualifier. While the study includes health care deals (the largest portion of the deals, at 15.4%), it also included approximately 14 other industry sectors.
It isn’t surprising to see such a high level of Compliance RW inclusion in transaction documents. In fact, it would seem odd not to expect a seller or borrower to agree to the most basic of RWs, which often can be as simple as:
Compliance with Law. Seller has, since X, complied, in all material respects, with all provisions of all foreign, federal, state and local laws and regulations relating to Sellers and the Company’s business, including, but not limited to, those relating to Seller’s ownership of real or personal property, the conduct and licensing of the Company’s business, and all environmental matters.
However, there are significant reasons why, despite the generality and wide scope of most Compliance RWs, that such an RW just isn’t enough in a health care transaction.
The U.S. health care industry represents a significant portion of the U.S. economy. It is one of the largest portions of U.S. gross domestic product (GDP). The U.S. Centers for Medicare and Medicaid Services (CMS) reported that in 2020, the overall share of U.S. GDP related to health care spending was 19.7%. That figure is now likely a bit of an outlier because, according to Health Affairs, “[US] health care spending increased 9.7 percent to reach $4.1 trillion in 2020, a much faster rate than the 4.3 percent increase experienced in 2019.” The significant increase from 2019 to 2020 was the result of federal expenditures for health care that were mostly in response to the COVID-19 pandemic. However, while that 19.7% share may shrink a bit in the coming years to 18% or so, its still expected to come back to that level by 2030. All in all, the health care industry is a large portion of the U.S. economy and is steadily growing. Health care transactions continue to grow in number and size each year.
While health care is a large business in the United States, it is also personal; life and limb are literally at stake. In that respect, as the number of practitioners and treatment providers grew and as technology changed how care can be and is provided, government-imposed guard rails (i.e., regulation) grew and became more prevalent. Depending on what data is being used and the source of the data, the U.S. health care industry is the most, the second-most, or at least in the top 10 of the most regulated industries in the country. Often that estimation of how highly regulated the industry is includes the regulation of health care providers and suppliers and manufacturers of supplies, drugs, and medical devices.
While we address broader issues relating to the need for robust industry-specific RWs in health care–related transactions in this article, it’s important to note at the outset the two large issues that make transactions involving health care businesses different from, for example, the sale of a paper mill. First, as we’ve mentioned, health care involves life and limb, and most, if not all, health care businesses carry some level of special risk to the clients, consumers, patients, etc. associated with that business. Second, the significant regulation in the industry and risks relating to non-compliance call for different treatment of the promises and expectations agreed to between buyer and seller or lender and borrower.
2. Material Risks in a Highly Regulated Industry
A comprehensive discussion of every liability risk that could be present in a health care transaction is well beyond the scope of this article. However, an overview of some of the material risks that exist in health care transactions is important to understanding the need for robust industry-specific RWs. These material risks include government reimbursement, fraud and abuse, licensure, excluded parties, and health care privacy-related issues.
a. Government Reimbursement
To participate in federal health care programs (FHCPs), health care businesses agree to comply with a significant regulatory framework, mostly in the form of requirements for participation and specific requirements relating to the submission of claims for services or supplies provided.
Material liability risks for health care businesses can arise from a failure to meet one of the applicable regulatory requirements relating to participation in a FHCP or claims submissions. Citations for a failure to meet participation requirements can result in civil fines, which in some cases can be astronomical. A failure to pay civil fines may also result in termination of participation in one or more FHCPs. Non-compliance with claims submission requirements can also be serious. Non-compliance can result in demands for recoupment, allegations of overpayment, and in some cases federal False Claims Act (FCA) liability. Penalty multipliers built into enforcement statutes, such as the FCA, can turn an underlying $100,000 liability into a $20,000,000 obligation.
b. Fraud and Abuse
Fraud and abuse in FHCPs have been a concern since the enactment of major federal and state programs. Major fraud and abuse laws include the federal Anti-Kickback Statute (AKS), 42 U.S.C. §1320a-7b(b); the Physician Self-Referral Prohibition (the Stark Law), 42 U.S.C. §1395nn; and the Criminal and Civil False Claims Acts, 18 U.S.C. §287 and 31 U.S.C. §3729. These laws prohibit certain business practices and provide for penalties relating to fraudulent claims to FHCPs. Depending on the conduct involved, liability can be civil and/or criminal. Like the FCA liability described above, penalties and penalty multipliers built into these statutes can result in significant obligations and termination from one or more FHCPs. Moreover, actual or potential fraud and abuse liability is rarely immaterial to a transaction unless its civil and the target involved is so large that the liability is immaterial to its business operations.
c. Licensure
Practically all health care businesses require some type of license or permit to do what they do. Acquiring and maintaining those licenses and permits requires compliance with certain statutory and regulatory obligations. Material risks exist for an acquirer relating to permits and licenses when a target has either engaged in serious non-compliance or been the subject of multiple instances of immaterial non-compliance that in the aggregate become serious. Either scenario might result in possible suspension or revocation of a license or permit, an outcome that can wipe out a business’s value overnight.
d. Excluded Parties
Excluded parties are basically persons or entities that have been excluded from, directly or indirectly, doing business with the federal government. The U.S. Department of Health and Human Services Office of Inspector General (OIG) has the authority to exclude individuals and entities from participating in FHCPs. Exclusion in its most basic sense means that no payment can be made for any items or services furnished, ordered, or prescribed by an excluded individual or entity. In addition to OIG exclusions, the U.S. General Services Administration maintains a comprehensive list of individuals and entities that have been excluded from participation in federal contracts. A target that employs (or previously employed) an excluded individual or has (or previously had) a contract with an excluded party can have material risks associated with it. In addition to a possible repayment of the dollars connected to the excluded person, there are civil penalties that may also be assessed that can become significant.
e. Health Care Privacy Issues
In 1996, Congress passed the Health Insurance Portability and Accountability Act (HIPAA). HIPAA establishes national privacy standards to protect individuals’ medical records and other personal health information (PHI). It also establishes physical and electronic security standards for PHI. Compliance responsibilities are primarily on “Covered Entities” under the law, but they also extend to a covered entity’s business associates. Enforcement relating to violations of HIPAA has grown exponentially since it was first enacted. HIPAA violations can result in civil or criminal liability, depending on the nature and extent of the violation. The civil penalties can end up being quite costly; with inflationary adjustments the numbers now range from $120 to $60,226 per violation. Additionally, Covered Entities must provide notification of a privacy breach to affected individuals, the secretary of HHS, and, in some circumstances, the media. The notification costs relating to a significant breach could be in the millions of dollars.
3. “All Laws” vs. Necessary Risk Allocation and Due Diligence in a Highly Regulated Industry
Industry-specific RWs are the norm in the market, especially where the industry is highly regulated. There are sellers and borrowers that might argue that a buyer or lender should be comfortable with a standard Compliance RW qualified by materiality and knowledge. However, as we discuss below, such a standard RW (particularly with qualifications) is simply not enough to adequately allocate risk between buyer and seller or lender and borrower on many issues involving health care businesses, especially the material issues outlined above. There are three major reasons for incorporating detailed industry-specific RWs in transactions documents: (1) attracting the attention of the seller or borrower to material issues; (2) ensuring the proper risk allocation between the parties; and (3) buyer or lender diligence.
a. Attracting the Attention of a Seller or Borrower
RWs are often heavily negotiated aspects of transaction documents. Detailed industry-specific RWs in the health care context are frequently designed to ensure that a seller or borrower is expected to focus on the material issues that are significant to the buyer or lender in consummating a deal in a highly regulated industry. While the review of general RWs may be given a quick glance by a seller or borrower and their counsel, pages of detailed RWs on specific topics relating to health care compliance are unlikely to go unnoticed. Sellers and borrowers often spend significant time reviewing and negotiating the “Health Care Matters” RW and its related subsections. As a result, detailed RWs on health care compliance topics provide some comfort to a buyer or lender that the seller or borrower has considered its past and current compliance and the promises it is making in relation thereto.
Additionally, should pre-closing termination or post-closing indemnification rights be triggered, there is specificity surrounding what the trigger was. The parties don’t get that same type of specificity with a general Compliance RW. The lack of specificity could lead to legal wrangling over whether a particular matter was meant to be covered by the Compliance RW, despite the fact that such an RW is often drafted broadly.
b. Risk allocation
Detailed industry-specific RWs in the health care context, even if redundant with the Compliance RW, provide for issue-by-issue specificity and clarify the importance of which party has accepted risk on certain material compliance issues. The detail provided in a “Health Care Matters” RW will often draw out any issues during negotiations between the parties. For example, there is very little ambiguity as to risk allocation when a seller or borrower makes an RW that “in the last 6 years it has not had, nor is it currently subject to, any adverse criminal or civil settlements or civil monetary penalties.” If a seller or borrower objects to the RW as a whole or to some specific issue covered by it, a buyer or lender may take that as a red flag. The red flag may lead to the negotiation of an issue-specific indemnity, a change in the indemnity and survival of RWs as a whole, or, in the worst case, a termination of the transaction. Additionally, as discussed a bit further below, the red flag can also signal that additional diligence is needed.
c. Due Diligence
Detailed industry-specific RWs serve a very important diligence function in transactions involving highly regulated industries. Often RWs will call out specific conduct, reference compliance with statutory or regulatory requirements, detail licenses held and compliance with licensure requirements, and address a host of other industry issues.
The diligence process for a buyer or lender can go only so far. The detail provided in a “Health Care Matters” RW and its related subsections serves as an additional backstop against matters that may not have been adequately disclosed or addressed in the diligence process. While they certainly need to be transaction-specific, most “Health Care Matters” RWs at least cover the following issues:
- General compliance with health care laws (usually a defined term in the transaction document);
- compliance with government programs and claim-filing obligations;
- specific compliance with major federal and state fraud and abuse prohibitions;
- the absence of any material overpayment or claim-filing repayment obligations;
- the absence of affirmative inappropriate or illegal conduct;
- the absence of adverse criminal or civil settlements or civil monetary penalties;
- the absence of any threatened or current civil or criminal litigation relating to fraud and abuse matters;
- affirmative statement that the seller has all of its required licenses;
- affirmative statement that none of those required licenses have been subject to suspension, revocation, or termination; and
- affirmative statement there is no current action to suspend, revoke, or terminate a required license.
As mentioned, if a seller or borrower objects to the RW as a whole or to some specific issue covered by it, a buyer or lender may take that as a red flag. The red flag may at the very least signal that additional diligence is needed.
4. Conclusion
The health care industry is a significant portion of the economy, and there are ever increasing numbers of transactions and increasingly high dollar amounts involved in those transactions. The federal government is the largest payer for healthcare. Healthcare is personal, because risk to life and limb is involved. As a result, we have an industry that is highly regulated and involves significant risks. General Compliance RWs aren’t enough to address the material risks that are present. Detailed industry-specific RWs serve very strategic and important risk allocation and diligence functions to ensure that buyers and lenders adequately achieve what they expect of the bargain.