Critical Due Diligence Issues for Buyers and Sellers of Urgent Care Centers

Urgent message: Because deal activity for urgent care centers has been on the rise, prospective buyers and sellers of urgent care centers should understand key issues in preparing a center for sale or acquisition, sharing information, and ensuring compliance with the doctrine of corporate practice of medicine and with other health-care regulations.

Introduction
No segment of the U.S. health-care services industry has seen more merger and acquisition activity over the past few years than the urgent care market (which includes occupational health). Dozens of deals were consummated in 2014 and 2015, including two separate billion-dollar deals closing in 2015.1 Although 2016 may not see another megadeal, urgent care continues to garner substantial interest from a broad spectrum of potential buyers seeking to either get into the market or expand their existing urgent care platform.

For urgent care operators looking to sell their business in the near or even distant future, it is never too early or too late to think about some of the key legal issues described herein that might adversely impact their centers and, ultimately, their purchase price. Buyers too have little room for error; they must take care in evaluating potential targets, given that many urgent care centers yield relatively thin profit margins. Missing an issue that affects revenue can quickly undermine the deal value, even with indemnity, which may not be sufficient to make a buyer whole.

Getting the House in Order
All of your hard work has finally paid off. After years of building from a single-center start-up to a successful multicenter business, your team can see that the efforts paid off. You are now ready to cash in, so you ink a letter of intent reflecting a purchase price equal to a large multiple of your trailing earnings before interest, taxes, depreciation, and amortization (EBITDA). Then due diligence starts in earnest, and after uncovering a few potentially significant issues in your business’s structure that you were not aware of, the buyer is now rethinking its valuation and wondering what else it does not know about the business that could come back to bite it. Suddenly, your elation is dampened by a conversation about giving a “haircut” to the purchase price that was agreed on in the letter of intent, be- cause of unanticipated concerns about the business.

That may sound a bit dramatic, but it is unfortunately not rare. When the business being sold is yours, having buyer doubt creep in just once is once too often. In most cases, however, potential sellers can avoid being caught flat-footed in the middle of a deal. By taking a few steps to help “get the house in order,” sellers may avoid the haircut discussion by mitigating the impact of problematic issues. Getting things out in the opening at the start, when there are typically multiple potential bidders for a business, also allows the seller to deal with an issue at a time when it has greater leverage than will be possible once the seller commits to a single buyer.

Some operators will expend significant resources on pre-sale process preparations, such as an external coding audit or even sell-side due diligence. These efforts can certainly be useful, but before proceeding, the seller should understand the costs and resource commitments involved and what it expects to gain. For instance, if a seller has been in business for years without having had an outside billing and coding audit, then engaging in a pre-sale audit can still be helpful, but it may not give the seller the ability to clean up a major ongoing issue in time to avoid affecting the sale process.

Getting the house in order, however, does not necessarily require a substantial amount of resources. It can be as simple as stepping back from the daily grind and thinking about the issues that never made it off the back burner because operating and growing the business barely left enough hours in the day to focus on anything else. Checking in with key staff members, managers, and even health-care practitioners to understand what has been keeping them up at night is also a good way to identify potential concerns about the business. Obviously, this must be done in the right way, particularly to avoid signaling that a transaction may be pending and without suggesting that the company is doing anything inappropriate.

If, on closer examination, the potential concerns appear to have merit, then the operator can drill down into the issues and determine how much of an impact they have or are likely to have on the business. If the operator requires outside expertise to properly assess the issue, evaluating the risk through outside counsel will provide an opportunity to determine the best course of action through privileged communications.

Any level of introspection prior to a sale process will better equip a seller to respond to due diligence scrutiny. A common refrain among defense attorneys is that “it is always better to give the explanation before hearing the accusation.” In other words, it is usually better to take charge of an issue and control the dialogue about it, framing it appropriately. In many cases, this will help sellers defuse issues that look worse at first than they really are.

Sharing Information: Some Key Dos and Don’ts
After the seller is aware of its potential vulnerabilities and is ready to start discussions with one or more potential buyers, all parties will have to be mindful of how they share certain in- formation when the sellers are trying to gauge interest. An in- vestment banker or broker who is involved will typically put together a teaser describing key facts about the business on a client-anonymous basis. Potential buyers who show an interest after reading the teaser will then be able to obtain more specific information about the seller, but only after a confidentiality agreement, or nondisclosure agreement (NDA), among the par- ties is in place.

The NDA will specify, among other things, the scope of confidentiality restriction, who the receiving party may share in- formation with (such as key advisors who agree to treat the information in accordance with the NDA), how long the restriction lasts, and obligations on termination of discussions. Be- cause prospective buyers are often competitors of the seller, the NDA may also include a nonsolicitation provision.

Once the NDA is in place, there are still certain limitations or issues that can be triggered depending on the nature of the in- formation being shared. These generally fall into three categories:

• Materials under attorney–client privilege: Sharing with an unrelated third party any communications that are protected under attorney–client privilege or that would otherwise be protected attorney work product usually constitutes a waiver of Thus, if the company had received legal advice in connection with a particular issue (e.g., relating to a practice that subsequently led to a business dispute) and then shares that information in the course of due diligence, it has potentially waived the privilege over that advice, meaning that the seller could be forced to disclose the otherwise-privileged advice in discovery regarding the business dispute. Often in connection with due diligence, sellers will stop short of pro- ducing anything that could be deemed to waive privilege and will instead talk through the facts (that are not them- selves privileged) rather than the privileged advice given by counsel. There are times when an issue is a key con- cern for a buyer and the buyer will not want to proceed without understanding the privileged communications. Under certain circumstances, parties will take the position that both the buyer and seller have a common interest in the privileged information and thus will enter into a common-interest agreement. Many jurisdictions, but not all, recognize such a privilege. To avoid unwittingly waiv- ing an important privilege, the parties should proceed with sharing such information only under the advice of their counsel.
• HIPAA/patient information: Although the sharing of protected health information (PHI), as defined under the Health Insurance Portability and Accountability Act (HIPAA), is permitted to an extent in connection with due diligence as part of the definition of health-care operations, all parties must be careful about sharing this infor- When PHI must be shared as part of due diligence, all parties must adhere to HIPAA’s “minimum necessary” standard and avoid unnecessary disclosure of PHI. If it is anticipated that a buyer will receive PHI as part of due diligence, the seller should consider including language in the NDA about the buyer’s obligations regarding PHI. If buyers are engaging third-party consultants to assist with due diligence, such as coding or chart audits, a business-associate agreement will likely be required be- fore any PHI is shared with the consultants.

Competitively sensitive information: All parties must also be careful about sharing competitively sensitive information, to avoid potential antitrust issues. Because potential buyers are often already in the same line of business and often within (or at least overlapping to some extent) the same market, the sharing of sensitive pricing information such as payor rates can create antitrust liability. Each situation is different, and the parties should consult their counsel in determining what information can be shared and when. However, if there are antitrust concerns, the buyer will often have to forgo direct review of any competitively sensitive information and will instead often rely on a third-party black box or messenger-model review to get a general sense of such information.

Key Legal Due Diligence Issues for Urgent Care Centers
The following are some of the key legal issues that should be evaluated whether a seller is looking to get its house in order or a potential buyer is kicking the tires. The discussion here is not meant to be exhaustive, and each operator and its circumstances must be evaluated independently.

The Doctrine of Corporate Practice of Medicine, Fee-Splitting Restrictions, and Management-Services Organizations
The majority of states have some prohibition of the corporate practice of medicine (CPOM). Although its scope varies, the prohibition generally limits the ability of a person or entity other than a licensed physician to participate in the ownership or control of a medical practice. That usually means that a non- physician cannot own a medical practice, and that an entity that is owned by a nonphysician cannot employ a licensed physician to provide professional services.

Failure to comply with a CPOM prohibition can have substantial repercussions for an urgent care operator and its physicians, including fines and sanctions against licensees. More important, from a business perspective, is that CPOM violations have been used to invalidate agreements or obligations to pay providers. In particular, physicians have sued to unwind their employment or management agreements on the basis of CPOM doctrine, and payors have also cited alleged CPOM violations to avoid payment obligations for medical services that were otherwise properly rendered.

Fee-splitting provisions are also found in most jurisdictions, and although they are often not limited to arrangements with nonphysicians or entities, they often work as restrictions com- plementary to CPOM prohibition. In its most typical form, a fee-splitting provision will, like an anti-kickback provision, prohibit a physician from sharing professional fees with a person who refers patients to the physician.

Because a number of owner-operators and most of the potential buyers in the urgent care space are not licensed physicians, urgent care companies are often operated under some form of a management-services organization (MSO), some times referred to as a “friendly physician” or “captive practice” model. Under that structure, the MSO usually owns all nonclinical assets of the urgent care practice entity (the captive practice) and leases those assets, along with providing certain nonlicensed personnel, space, and administrative services, to the captive practice pursuant to a management-services agreement (MSA).

Although the nuances of the MSO model and MSA terms are beyond the scope of this article, the CPOM prohibition, fee- splitting provisions, and the MSO model all have potential pit- falls that must be monitored, including these:

• Noncompliance of the seller’s corporate structure and ownership with the laws of the applicable jurisdiction
• Possession of authority, by the MSO or any other non- physician, over clinical decision-making or control over operations that might invalidate the arrangement
• Noncompliance with fee-splitting provisions and other laws where an MSO is in place, and particularly when the MSO is engaging in marketing for the center
• Insufficient management of the risks of the “friendly physician” model to avoid having the physician–owners of the captive practice seek to unwind the arrangement, take actions contrary to the MSA, or otherwise interfere with the business terms for the MSO and its owners

Fraud and Abuse Issues
As with any health-care provider, urgent care operators have to be mindful of federal laws regarding fraud and abuse, including the Stark law and the Anti-Kickback Statute. Urgent care is often viewed as having lower exposure than other health-care markets to the risk of fraud and abuse because its providers are not con- trolling or directing a captive patient base but are instead just personally performing and supervising services for those who come through the door. Yet there is substantial risk, including in the following aspects of the seller’s operations:

• “Referrals” by the clinics’ professionals to the clinics’ an- cillary service lines, which typically include, at a minimum, x-ray and basic laboratory These must be mon- itored for violation of the Stark law, among other laws. The Stark law is a complicated strict-liability statute that many urgent care operators inadvertently trip over. A violation typically also triggers a prompt repayment obligation (within 60 days of the issue and of the amount owed becoming known) that could involve a voluntary self-disclosure under the Centers for Medicare & Medicaid Services Self-Referral Disclosure Protocol.

Other financial arrangements with referral sources and recipients. These must be examined for compliance with laws concerning fraud and abuse. This category includes both compensation and ownership arrangements with the clinics’ own professionals as well as arrangements with third parties (e.g., leases where the landlord is an affiliate of a referral recipient of the urgent care clinics).

• Marketing practices that can trigger potential anti- kickback concerns, depending on the relationship with marketing personnel and their compensation Additionally, giveaways and discounts to patients can run afoul of patient-inducement restrictions and should be examined carefully to ensure compliance.
• Coding and billing These must be examined:
  • Has the seller been subject to third-party payor audits, and if so, what were the results, and were material re- payments required?
  • If there has not been third-party audit activity, what has the seller done historically to verify its practices and recordkeeping?
  • Have other billing and coding issues come up, includ- ing the following?
    • Documentation in the chart not supporting the level of service billed
    • Too much automation in the process (e.g., prepopulation of form fields to show more work being done unless a provider affirmatively indicates that it was not done)
    • Billing for a new patient versus an established patient and how that is tracked in the seller’s systems to avoid overbilling when not warranted under the guidance of the Centers for Medicare & Medicaid Services or payors

Misclassification of Personnel
In addition to other human resource issues that any employer invariably deals with, misclassification issues are not uncommon for urgent care operators. Misclassification refers to the individual’s status as an employee or independent contractor of the seller. Professionals will often be engaged as independent contractors, but the parties’ choice of agreement is not con- trolling, according to the guidance of the Internal Revenue Serv- ice. Rather, a number of factors must be examined, including how the person is paid and what control the company has over how the job is performed. Misclassification can result in liability for unpaid payroll taxes and potentially for overtime payments (for nonexempt personnel). Additionally, in many cases, the professionals themselves have a strong preference to remain independent contractors for tax purposes, and a required transition could jeopardize a relationship with a key person.

HIPAA and Other Privacy and Security Matters
HIPAA enforcement began in 2003, but settlements and fines were only sporadic through the early 2010s. Since 2012, the number of HIPAA settlements and fines imposed has increased significantly and will only continue to rise under the 2016 Phase 2 HIPAA Audit Program of the Office of Civil Rights that is now under way. A number of providers have paid or are facing sub- stantial fines for violations. Additionally, security breaches are happening more and more frequently. Although no one can prevent every issue, providers who do not demonstrate that they are serious about compliance with HIPAA and related privacy and security laws will inevitably face stronger consequences. It is important to understand how the operator addresses patients’ privacy and information security and whether there have been any violations.

Other Key Issues
Other steps that sellers and buyers should take include these:

• Confirmation should be sought for the existence of a compliance program that covers fraud and abuse and other concerns in addition to HIPAA, for how compliance is documented, and for how staff members are trained in
• Verification should be obtained for all licenses and permits that the operator and its professionals need in order to operate in their jurisdictions and localities and to offer the scope of services that they have been
• Exclusion checks for all personnel should be done to en- sure that someone working for the company is not excluded, which would leave the company exposed to potential civil monetary
• Supervision arrangements and documentation should be reviewed to ensure compliance with state
• Medical malpractice claims and insurance coverage should be examined to ensure that the seller is not an outlier in terms of number of claims or amount of damages assessed, which would be cause for concern about quality throughout the Additionally, evaluating the adequacy of the insurance and the type of policy will be important in determining whether additional coverage is warranted or a tail policy is needed in connection with a sale.

Conclusion
Due diligence consists of the “reasonable steps” taken to assure a buyer and seller that a business is in fact what has been rep- resented. Whether a sale is imminent or is a consideration for the distant future, urgent care owners should be aware of the issues that can arise. Preparing an urgent care business for sale requires advance planning, careful consideration of the types of information shared between buyers and sellers, and a keen understanding of health-care regulations, to ensure that no surprises arise that could change the pricing and terms of a deal or even derail it.