Due diligence is often perceived as a mundane part of the mergers & acquisitions (M&A) process, but its importance in healthcare transactions is critical. Due diligence is one of the first steps of any transaction and involves a buyer undertaking an in-depth examination of the target to evaluate the business and uncover potential issues or liabilities. In the healthcare industry, diligence is especially important considering the heavy regulation of the industry, the unique areas of risk, and the significant liabilities that could be imposed upon a buyer if issues and liabilities are not identified before the transaction closes.

Some of the unique areas of risk in healthcare deals, and how to evaluate them in the due diligence process, are provided in the chart below.


What is it?   

What due diligence is required?

Anti-kickback Laws (and state counterparts) If reimbursement from government payors is sought, it prohibits the exchange of anything of value in an effort to induce or reward the referral of healthcare services or the purchase of goods.
  • Review all physician contracts, other key contracts, and any other related documentation for compliance.
Stark Laws(and state counterparts) With certain exceptions, prohibits physicians from making referrals of Medicare “designated health services” to any entity in which a physician or family member has a financial interest.
  • Review all physician and other financial relationships and any related documentation for compliance.
Compliance Policies and Procedures Due to the complexity of the regulations affecting the healthcare industry, most healthcare organizations have compliance policies and procedures.
  • Review compliance policies and procedures (and any related regulations to determine completeness and accuracy).
  • Work closely with compliance officers to understand the target’s compliance requirements and practices.
Corporate Practice of Medicine (CPOM) Many states restrict the employment of physicians by non-physicians.
  • Determine CPOM rules in the relevant jurisdiction and review all employment relationships for compliance.
Antitrust Laws The FTC and DOJ have placed increased scrutiny on healthcare transactions that involve consolidation or affiliation.
  • Analyze early on whether the transaction may adversely affect competition. Also determine whether a pre-merger notification filing is required under the Hart-Scott-Rodino Act (generally required for transactions over $75 million).
Civil Monetary Penalty Laws and False Claims Act Prohibits various forms of inappropriate activities, including submitting false claims to the federal government, violating anti-kickback statutes, and failing to return overpayments.
  • Evaluate claims processes and procedures and billing and collections processes for adequacy and compliance. Consider whether a billing and coding audit is appropriate.
HIPAA Patient privacy and data security laws.
  • Review policies and business associate agreements for compliance; review any past breaches for ongoing liability and appropriate corrective action.
Licensing and Certification Depending on the nature of the target company’s business, it’s bound to have various healthcare and non-healthcare licenses, permits and authorizations.
  • Review all licenses, permits, etc. for any consents or notices required in connection with a transfer. Pay special attention to any notification requirements that may affect the closing date.

Recent transactions demonstrate the importance of due diligence in healthcare. For example, as part of due diligence, several hospitals that discovered physician contracts potentially violating the Stark Laws have self-disclosed and settled matters with the federal government as part of the closing. Some of these settlements exceeded $30 million, which is a liability the purchaser was able to avoid by conducting due diligence.

In light of the foregoing and the unique considerations in healthcare transactions, it is particularly important to customize your due diligence request list to expressly include the items listed above. That is, buyers beware of the form due diligence request list – it’s not going to work for your healthcare deal. It is also important to understand that if a material compliance issue is uncovered in diligence, the target may be required to self-disclose the violation to the government – which can be fatal to a transaction.

Finally, in addition to typical buyer due diligence, it is becoming increasingly common and recommended that sellers undertake a “defensive due diligence” well in advance of a transaction in order to proactively review the business for compliance with fraud and abuse laws. This allows sellers to address issues up front and best position the company for a more efficient transaction.