Compliance is no longer a fire drill to be ignored. Wiks Moffat, founder and CEO of Calyx Compliance with 30 years of healthcare compliance experience, says the enforcement environment has accelerated, with AI now helping regulators spot outliers.
In conversation with McGuireWoods partner and host Geoff Cockrell, Wiks explains how most companies still aren’t doing enough self-assessment, how billing and coding is almost always where scrutiny begins, and how compliance can generate a clear ROI by surfacing missed revenue opportunities post-acquisition.
Tune in for guidance on compliance staffing thresholds and why sellers should start due diligence 18 months ahead.
☑️ Wiks Moffat
☑️ Calyx Compliance | LinkedIn
☑️ Geoff Cockrell | LinkedIn
☑️ McGuireWoods | LinkedIn | Facebook | Instagram | X
☑️ Subscribe Apple Podcasts | Spotify | Amazon Music
This podcast was recorded and is being made available by McGuireWoods for informational purposes only. By accessing this podcast, you acknowledge that McGuireWoods makes no warranty, guarantee, or representation as to the accuracy or sufficiency of the information featured in the podcast. The views, information, or opinions expressed during this podcast series are solely those of the individuals involved and do not necessarily reflect those of McGuireWoods. This podcast should not be used as a substitute for competent legal advice from a licensed professional attorney in your state and should not be construed as an offer to make or consider any investment or course of action.
This is The Corner Series, a McGuireWoods series exploring business and legal issues prevalent in today's private equity industry. Tune in with McGuireWoods Partner Geoff Cockrell as he and specialists share real world insight to help enhance your knowledge.
Geoff Cockrell (:Thank you for joining another episode of The Corner Series. I'm your host, Geoff Cockrell, a Partner at McGuireWoods. Here at The Corner Series, we try to bring together deal makers and thought leaders at the intersection of healthcare and private equity. Today, I'm joined by my longtime friend, Wiks Moffat. Wiks is the CEO of Calyx. Wiks does all manner of compliance consulting and serving different functions, both in diligence of deals and then assisting healthcare companies with ongoing compliance. But Wiks, if you could introduce yourself and your company a little bit and then we'll jump into a discussion.
Wiks Moffat (:Sure. Thanks, Geoff. First of all, really appreciate you having me here. I know we've known each other for years, so this is great. And again, I'm Wiks Moffat, Founder and CEO of Calyx Compliance, and I've been in healthcare compliance now for 30 years. In fact, this is my fourth company, and essentially, we assess, build, implement, and maintain compliance programs for healthcare organizations typically with project-based engagements, things like general compliance gap assessments, audit defense, transaction diligence, HIPAA security risk assessments.
(:Those are our episodic things, and those are normally the one-time compliance projects that bring us into a group. And it's interesting, Geoff, because they always show up as a fire drill. Feds are in my lobby. You got that letter saying you owe $2.6 million, it's reactive. And frankly, that's backwards because the OIG, DOJ, everybody is really like, "Hey, you should have a culture of compliance."
(:It should be woven into the fabric of your everyday operations, not just, "Hey, let's check out our compliance program and then we'll come back a year later and check it out." So that's really where compliance is and what we focus on, Calyx, is making sure that people are continuously ready with their compliance program and so that it's always on.
Geoff Cockrell (:So Wiks, for a long time, assessing compliance, while always important, didn't have quite the urgency around it. In my experience and my practice over the last couple of years, that has become amplified, both from the perspective of a more aggressive enforcement posture coming from the current administration, and then also expanding tools available to catch when people are making either incorrect choices or choices close to the line. How would you describe the evolving enforcement environment in the things that you see?
Wiks Moffat (:Yeah, and that has certainly been the biggest change that I've seen over the last 30 years and super accelerated over the last few years. You can't pick up a industry newsletter or even just the everyday newspapers, if you even read newspapers anymore, are always talking about the enforcement of waste, fraud, and abuse, which is the same as fraud, waste, and abuse. That's what we've always called it interchangeably. So yeah, that's become a big topic and the government is broke, so the enforcement has really changed a lot and I think that's significant because regulations always change, and that really doesn't move the needle as much as them actually going out and enforcing because from there things like reputational damage, not to mention the monetary fines or stopping a deal. So the enforcement has been huge, and there are some great tools out there to help you make sure that you maintain compliance. And AI is also really helping the feds a lot right now because they're tacking the industry with AI to figure out who are the outliers and who's making mistakes, so it's a whole new world there.
Geoff Cockrell (:And how are companies responding with those tools in the sense of, it's very clear that the government, as you described, has the ability to look over all of the data of all of the companies that are submitting for reimbursement from the federal government and really assess who's an outlier and then ask harder questions. To what extent are companies able to self-assess if they are an outlier to see if they have a target on their back? What tools are available on that side?
Wiks Moffat (:It's interesting, Geoff, because what I've seen frankly is not a lot. We're always amazed that even these lower, middle, and upper end market companies are really not doing a lot. I'm not saying that they're out committing fraud or anything, but they're really not doing anything much different than they were a few years ago. I anticipate that that will change quite a bit, and certainly we work with our clients to make sure that that change is in effect and that they're continuously compliant. I think that's the big difference now is you need to really be in an always defensible or always compliant position with your organization. It's not a every once in a while thing. It really, as I mentioned earlier, should be woven into the fabric of everyday operations.
Geoff Cockrell (:What are some of the areas that you see issues coming in? So if you're fielding an inbound inquiry from the government, which can be in the form of just an inquiry, it could be agents in the lobby, as you noted, what are the types of issues that arise and do they tend to emanate from AKS land where the government is investigating something that they view as a flat out kickback? What are the hot issues that draw government attention?
Wiks Moffat (:Yeah, it's almost always around the billing and the coding and chart audit, that's generally where it comes from. I don't know if that's because it's the low hanging fruit and there's a lot of money there, but that's generally where it starts, and it can be different based on the specialty. But yeah, it's usually some type of, "Hey, you're an outlier. Your documentation isn't matching your medical necessity or your modifiers," or that type of area in their billing which is generally setting off red flags.
Geoff Cockrell (:In the context of a transaction, we'll usually be doing, not us, but someone will be doing a billing and coding audit of the target and things will come out of that. It'll distill out if the company's making either suspect choices or things that are close to the line. To what extent are companies continually self-assessing themselves through that prism? And if not, is that a useful exercise that folks should spend more time and attention on?
Wiks Moffat (:Well, I'll start with the end. So definitively, yes, very useful exercise and it's also very useful to have a third party do that because number one, a third party has been out in the industry and they see where the hotspots are. And number two, if it's always an internal assessment, can be the fox guarding the henhouse. And also it's the same people looking at the same thing every day, so it's very useful to have some outside eyes look at it.
(:And interestingly enough, Geoff, what we find on a positive side is when we start looking at stuff like that, we'll find out areas, of course, where they might be pushing the envelope or making mistakes or charging for something that they shouldn't be charging for. But it's very common for us to find things where they may be missing revenue opportunities and related to that, even away from chart audit, is you can pick up things where, hey, maybe they should start doing a little more telemedicine, or maybe they can do chronic care management, or remote patient monitoring, or take advantage of some of the value-based care incentives out there.
(:So I think an important theme these days is you can take compliance and turn it on its head where it's not just a revenue drain, it's something that can have a clear ROI to it. And relative to when we get involved in due diligence deals with private equity, we'll often find areas when we're in there where they can take advantage of some missed revenue opportunities, and private equity guys or anybody certainly likes this because day one post acquisition, they can start getting a bit of a revenue lift.
Geoff Cockrell (:The expense of hiring a dedicated internal compliance person is not immaterial, and for a company that's a little bit smaller, that might be handled by other executives within the company, where is the size line where you see companies making that investment of a fully dedicated full-time internal compliance person? And I know there's obligations to have someone responsible for that, but where's the line where people will endure the expense of a dedicated person, and what are some of the choices for either fractional or some version of compliant outsourcing? What are the choices below that line?
Wiks Moffat (:So I think this is an unofficial answer, but I think once you reach about 50 providers, or maybe more importantly, when you're post 25 million in top line revenues, you probably want to consider a full-time type compliance officer and other options that you have there, and certainly that's what we get involved in, although we don't call it as more of a fractional compliance officer, or somebody that's in there on some type of a defined basis. 10, 15, 20 times a year where they're in there helping you with it. Very importantly though, in most states, you can't have an outsourced compliance officer, you need to have someone internally that's designated it.
(:And oh, by the way, it should never be the CFO or the CEO or anybody attached to money. They should be outside of that fray, yet with a clear line back to the CEO and someone that can make decisions, so those are certainly options. And even if you hire a full-time compliance officer, which also, by the way, in a metro area is going to cost you upwards of $200,000, but that person is also probably going to need help with exclusion list and hotline and maybe external audit, so compliance is definitely part of the budget going forward.
Geoff Cockrell (:Wiks, we encounter a lot of multi-site businesses that have multiple practices maybe across multiple states and those individual practices have varying degrees of autonomy either by design or just the historical processes that they were using prior to say an add-on acquisition. How does a centralized business institute a culture of compliance across multiple locations, multiple practices with different histories of compliance, different processes? How should an investor at least think about that task?
Wiks Moffat (:Well, I guess like everything in our industry, it's gotten really complicated. Certainly, if you're multi-site, multi-state, the Medicaid regulations, for example, can be not only the reimbursement, but the regulations themselves with regards to how a compliance program is built and governed and managed can be different from state to state. So that's an important piece to look at, and again, complicated, and I think investors really need to look at that. And also, as you get these organizations that are cobbling their groups together or doing add-ons all over the place, oftentimes as well, you have different EMRs, different tins, the whole thing. It gets really complicated and compliance needs to be woven into that entire process.
Geoff Cockrell (:How often do you see a private equity backed company that is contemplating a sale undergo some kind of pre-sale audit process? And what does that look like?
Wiks Moffat (:Very often, pretty much every time. And that oftentimes can get messy because perhaps they're overbilling and that can mess up QOV, it can mess up valuations. That in itself can be something that can certainly slow down a deal, reduce the value of a deal, or the deal gets kicked to the curbside altogether.
Geoff Cockrell (:And we encounter that on legal diligence as well. I mean, I could do on a sell side the same sort of rigorous internal diligence that I would do if I were representing a buyer. Folks usually don't want that. Number one, if the issue's there, the issue's there. And if I have a month headstart on buyer diligence, it's not going to change how that plays out dramatically, whereas there's a possibility that there are some embedded risks in a company and there's always embedded risks in a company. And by virtue of me doing diligence on the company, on the sell side, you can bring all those risks home to roost. How do you advise folks in navigating that question?
Wiks Moffat (:Yeah, Geoff, that's a really important point because so if you're looking to go to market or sell, and it's easy to say but hard to do, I think it's really important 18 months ahead of time, or certainly 12 months ahead of time to start doing due diligence before you have to do due diligence. In other words, get yourself ready. And even at the end of it, if you decide not to sell, it's been a very useful exercise. And of course, I come at it from the compliance standpoint, but it's probably a good exercise from the financial standpoint and the legal standpoint and all the way around, but getting ready pretty much as soon as you can. And that's why we preach continuous compliance because once due diligence comes along, it's just water off the duck's back, and so you check the box right away because we're done, we're in compliance. So yeah, getting ready is important and you certainly see a lot of that in due diligence and you see the negative side of that story as well, unfortunately.
Geoff Cockrell (:Wiks, it's always fun to talk with you, see you at events all the time. It's really good to connect, and appreciate walking through some of the compliance concerns that people need to be thinking about, but really, really appreciate you joining me.
Wiks Moffat (:No, that was great. Always great to talk to you again, Geoff, and I'm sure I'll see you soon. Thank you so much for the invite, I thought it was a very productive conversation.
Voice Over (:Thank you for joining us on this installment of The Corner Series. To learn more about today's discussion, please email host Geoff Cockrell at [email protected]. We look forward to hearing from you.
(:This series was recorded and is being made available by McGuireWoods for informational purposes only. By accessing this series, you acknowledge that McGuireWoods makes no warranty, guarantee, or representation as to the accuracy or sufficiency of the information featured in this installment. The views, information, or opinions expressed are solely those of the individuals involved, and do not necessarily reflect those of McGuireWoods. This series should not be used as a substitute for competent legal advice from a licensed professional attorney in your state, and should not be construed as an offer to make or consider any investment or course of action.