Measuring Compliance Risk in Health Care Transactions

November 30, 2013 | Health Services

Health care compliance attorneys are frequently asked to “rate” the risks around various existing or proposed business arrangements involving medical professionals.  Could a given arrangement be viewed as a violation of the Stark Self-Referral Law (“Stark”) or Anti-Kickback Statute (“AKS”)?  Are there compelling, or at least plausible, arguments for why the arrangement should instead be viewed as either compliant or involving only a so-called “technical” violation that does not warrant regulatory attention?  Are there changes to the arrangement that, if made, could minimize the risk of an adverse finding by a regulatory authority?  If the arrangement ever came to the attention of a regulator, what is the likelihood that an enforcement action would be initiated?  These are the kinds of questions that arise again and again, usually directed at the attorney by a client who is eager to move forward with a deal. 

In many instances, the parties involved in the business arrangement – whether an individual medical provider, a group practice or a large health system – are vested in moving forward with the transaction and may not want to hear that they should pause because of what they perceive to be only a speculative possibility that a regulator might have a concern down the road.  And while that reaction might be somewhat less common in what has become a highly fraught compliance environment, even responsible parties willing to pause and consider compliance ramifications in recognition of the potentially severe penalties associated with violations do not necessarily want to jettison the deal in front of them, except as a last resort.  Rather, they are hoping for the “right” answers to the questions referenced above so that they can move forward with the deal, and if there is something “wrong” with the deal from a compliance perspective, they want their attorney to “fix it.”

All of which begs the question:  How does one measure compliance risk?  Simply telling a client not to proceed with a transaction that entails some risk is not always realistic or even wise advice.  Indeed, given the complexities of the health care regulatory scheme, and the intricacies of many business transactions in the healthcare industry, it is inevitable that some aspects of some business arrangements will present at least a “close question” on regulatory compliance, and perhaps more than that.  So how does one separate the really serious compliance risks from those that are perhaps only colorable?  And how does one know when a proposed transaction suddenly beset by compliance concerns is salvageable for the client or mortally wounded?

Answering these questions as accurately as possible requires not only an understanding of the policies underlying the regulatory framework, but also an appreciation for what motivates regulators in launching enforcement actions in some situations and not others.  That, in turn, requires careful consultation with a compliance attorney able to bring that perspective and experience.  Even then, this type of analysis is never an exact science.  All the attorney can do is present the client with an objective assessment of the relative risks surrounding a proposed transaction.

Any analysis of relative risk must take into account the degree to which the proposed transaction might be seen as offending the basic policy, or “prime directive,” underlying the law at issue.  Stark and AKS were enacted out of concern that financial self-interest can corrupt the integrity of medical decision-making, leading to distorted medical judgments, overutilization of services, and medically unnecessary or inappropriate patient care.  Both laws seek to prohibit certain referrals of items or services that are improperly influenced by financial considerations.  Both laws contain certain exceptions or “safe harbors” permitting enumerated types of transactions.

Some “decision points” are, or should be, easy ones to understand.  For example, if one is faced with a clear-cut situation in which a proposed transaction involves an obvious exchange of remuneration for patient referrals that is entirely outside the scope of any conceivable safe harbor, there is no responsible attorney who would sanction moving forward with such a deal.  Put another way, if the transaction being proposed is clearly non-compliant in every respect, and not subject to reasonably differing interpretations regarding whether it violates Stark or AKS, then the right decision is to alter the transaction to make it compliant, or to abandon any thought of doing the transaction at all, rather than throw caution to the wind and proceed anyway.

Many “decision points,” however, are far more complex than that.  In some cases, the facts underpinning a proposed transaction can be so intricate that it is hard to determine whether Stark or AKS is even implicated, much less in danger of being violated.  In other cases, a business transaction could be viewed as “technically” non-compliant, in the sense that not every requirement of an exception or “safe harbor” is satisfied, but there is arguably no intention to violate the public policies underlying the law and there may even be safeguards in place to guard against just such a risk.  For example, the Office of Inspector General, Department of Health and Human Services (“OIG”) has frequently issued Advisory Opinions analyzing business transactions under the AKS which reach the conclusion that, although a particular transaction is potentially a violation of the AKS, the circumstances of the transaction – as certified to OIG by the party requesting the Advisory Opinion — are such that the risk of fraud and abuse is minimal and the OIG will therefore not impose sanctions.

Of course, short of availing oneself of the OIG’s Advisory Opinion process and receiving such an assurance, any decision to move forward in the face of potential regulatory scrutiny presents some level of risk.  And in the case of Stark, which is a strict liability statute, a party’s “good intentions” will not be relevant if Stark has been violated in the eyes of the Centers for Medicare and Medicaid Services (“CMS”).  Moreover, the consequences of making the wrong decision can be catastrophic, resulting in a range of potential punishments, from civil monetary penalties to double or treble damages under the False Claims Act, to a decision to exclude the provider from participation in the federal health care programs to, in the case of an AKS violation, possible criminal prosecution and jail time.  That is why a careful risk appraisal for each proposed transaction is absolutely essential.

Still, the world is not black and white; it is instead filled with an inordinate amount of gray.  Clients often need compliance analysis on an emergent basis, and either do not have the time to wait around for CMS or OIG to render an Advisory Opinion, or have no particular desire to identify themselves and their business plans to the federal government.  Against the backdrop of this reality, a legal advisor can do no better than provide his or her client with an honest assessment of the relative risks involved in moving ahead with the transaction.  It may be that there are reasonable or compelling, if not dispositive, arguments for why a transaction should be viewed (or with some modifications could be viewed) either as complying with all legal requirements or presenting only an issue of “technical” non-compliance without raising a significant fraud and abuse concern.  In that event, the client may wish to move forward with the transaction, wiser for understanding the relative compliance risks outlined by counsel, but electing not to be paralyzed by them.

Related Publications


Legal updates and news delivered to your inbox