We have worked on several ketamine acquisitions, and one of the most important aspects of any deal is due diligence. Shortly after term sheets or letters of intent are executed, most buyers send out a due diligence request list to the seller. This post will focus on the healthcare regulatory issues a buyer will want to focus on for a ketamine deal. Because every deal is unique, there is no “one size fits all” advice. However, there are many common elements that we have seen for ketamine deals.
Because there is a myriad of healthcare regulatory issues for a ketamine clinic acquisition, this post focuses on some of the federal laws that apply. In our next post, we will detail some of the other legal issues a buyer should consider.
Below are some of the common issues we have seen in the various deals we have assisted with. Because each issue is complex, we only provide a summary of the issue below. However, in order not to run afoul of the law, any buyer would be wise to retain healthcare regulatory counsel to ensure that the seller has complied with the law and to ensure that the buyer continues to comply with any laws.
Third Party Payors and Medicare Issues
Are there contracts with third party payors (e.g., insurance companies, HMOs, PPOs, etc.)? If so, you will need to review those agreements to make sure you comply with any requirements set forth therein. From a google search, it also appears that Medicare reimburses for certain ketamine related procedures. Thus, as part of your due diligence, you should request any information related to third party reimbursement, including whether the seller is a participating provider with Medicare.
If the seller is a Medicare provider, then certain federal laws apply. Those laws impose both criminal and civil liability. The “big three” federal laws that apply when there is government reimbursement are the Anti-Kickback Statute (“AKS”) (42 U.S. Code § 1320a–7b), the False Claims Act (“FCA”) (31 U.S.C. §§ 3729 – 3733), and the Stark law (42 U.S. Code § 1395nn). Moreover, depending upon which state your deal is located, there could be state laws that parrot (and/or can be unique) some of the federal laws. Thus, you will need to review both federal and state law to ensure the seller has been compliant.
The AKS prohibits paying or receiving anything of value in return for a patient referral. Under the prevailing case law, if even “one purpose” of the payment is to induce a referral, then it is prohibited. The AKS is s criminal statute that can lead to both jail time and financial penalties. Often times, when the federal government brings an indictment under the AKS, it will also bring a count under the FCA. The FCA prohibits people and providers from submitting a “false claim” to the federal government. Thus, if a provider seeks reimbursement that includes any remuneration for a referral, then in all likelihood, they have likewise violated the FCA.
The Stark law is a prohibition on referrals to which a provider has a financial interest (whether directly or indirectly). However, for the Stark law to apply, the services provided must be one of the 10 enumerated “designated health services” set forth under Stark. We have not had the opportunity yet to determine whether any of the ketamine related procedures falls within one of the designated health services. But, we nonetheless caution a buyer to investigate whether Stark applies to their transaction.
Last, there is at least on Office of Inspector General opinion (which is housed in the US Department of Health and Human Services) that found that the AKS also applies when there is a private third party payor (e.g., HMOs, PPOs, indemnity insurance, etc.). Thus, even if the seller is not a Medicare participating provider, a buyer would be wise to investigate whether the seller receives third party payments. If so, the buyer should investigate which federal laws apply.
Compliance Plan
As a corollary to the foregoing, if the seller receives federal reimbursement, then it should also have a compliance plan in place. The Office of Inspector General of the U.S. Department of Health and Human Services has published various guidance on compliance plans (CLICK here for more information about compliance plans for physicians). A compliance has seven elements, including: (1) conduct internal monitoring and auditing; (2) implement compliance and practice standards; (3) designate a compliance officer or contact; (4) conduct appropriate training and education; (5) respond appropriately to detected offenses and develop corrective action; (6) develop open lines of communication with employees; and (7) enforce disciplinary standards through well-publicized guidelines.
We have designed and implemented compliance plans for healthcare clients. Since each provider is unique, care must be taken to tailor a compliance plan to the specific needs of a client. Aside from the foregoing elements, a provider should have policies and procedures that help to effectuate the compliance plan. Moreover, for any compliance plan to be effective, employees must be trained and re-trained on a regular basis. If there is a fraud and abuse issue, and if the provider has compliance plan that has been properly implemented and followed, then the OIG will consider the compliance plan as a mitigating factor. Thus, having and following a compliance plan is paramount in today’s healthcare environment.
Health Insurance Portability and Accountability of Act of 1996 (“HIPAA”)
HIPAA is a federal law, that among other things, helps to protect the confidentiality of a patient’s medical information (under HIPAA, this is referred to as “protected health information” or “PHI”). In addition to HIPAA, state healthcare confidentiality laws also apply to the extent they are more stringent than HIPAA’s requirements.
As part of any due diligence, a buyer would be wise to explore whether the seller has “business associate agreements” with third parties that assist the provider with healthcare payments, treatment and/or operations. And, even in the absence of such agreements, a buyer should analyze whether any business associate agreements are necessary for its protection after the deal closes. Also, a buyer should seek information about whether there are any currently known breaches under HIPAA (whether recently reported or still reportable). Not only is there possible civil liability to the federal government, in certain instances, a patient may also have legal recourse against the provider.
Under HIPAA, even receiving due diligence that involves patient information triggers the HIPAA requirements and the business associate requirements. HIPAA was amended in 2013 and now even a business associate has direct liability under HIPAA (CLICK here for more information). If you are selling your ketamine clinics and the buyer requests PHI, you should consider whether a business associate agreement is necessary.
As an aside, any buyer would be wise to procure cyber liability insurance to help protect themselves against HIPAA breaches. Moreover, a buyer should also see if the seller has cyber liability insurance, and if so, whether it will cover any breaches that occurred pre-closing. Fines, penalties and lawsuits can be very expensive if there is a HIPAA breach.
Part 2 Regulations
The Part 2 regulations are often overlooked by healthcare professionals (see 42 USC § 290dd-2 and 42 CFR Part 2). The Part 2 regulations apply when, among other things, a provider provides substance use disorder (“SUD”) treatments and that provider also receives federal funds for such treatments (e.g., Medicare, Medicaid, etc.). Like HIPAA, the Part 2 regulations seek to protect the confidential nature of a patient’s healthcare records when those individuals are receiving SUD treatments. The Part 2 regulations were recently updated (CLICK here for a good summary of the updates). For a good overall summary of the Part 2 regulations, please CLICK here.
Because ketamine can be used for SUD treatment, and because Medicare provides reimbursement for certain procedures, it is important to understand the contours and implications of the Part 2 regulations. Moreover, a buyer may also need to analyze when the Part 2 regulations are more stringent than HIPAA and/or state law, in which case, the Part 2 regulations may apply (instead of HIPAA and/or state law).
Conclusion
Healthcare is an incredibly complex area of the law. It is one of the most regulated industries in the United States. Any deal that involves healthcare must be scrutinized from many different angles. A buyer could step into the shoes of the seller post-closing, and thus, could be liable for past breaches by the seller. Therefore, great care must be taken to protect a buyer from the many traps under the various federal healthcare laws.
For more on ketamine, check out the following blog posts:
- The Ketamine Clinic Craze: Legalities and Possibilities
- Ketamine Clinics and the DEA
- Ketamine Clinics and the Corporate Practice of Law in California
- Ketamine Management Services Organizations: The California Puzzle
- Ketamine, Psilocybin and New Drug Therapies: The Webinar Video Replay
- Ketamine, Psilocybin and New Drug Therapies: Part 2!
The post Ketamine Due Diligence: What Any Buyer Should Know – Part 1 appeared first on Harris Bricken.
