In this era of private equity involvement with healthcare, investors can no longer avoid liability with the claim that they are just an investor. The liability of investors in companies is now in the spotlight. Professionals in the industry predict that the government will increase the frequency of commercial audits and CMS audits.

On this episode of The Professor’s Corner, host Geoff Cockrell is joined by Wiks Moffat for a discussion of the importance of compliance programs. Bringing over 25 years of professional experience to the role, Wiks is Principal at the HealthCare Compliance Network, where he assesses, builds, implements, and maintains compliance programs. 

Wiks shares insights on what to look for during due diligence, in particular, whether a company has a culture of compliance. He advises companies to consider compliance at all times, and recommends putting a compliance committee in place to ensure they company have the necessary reporting structures in place.

“You would much rather, because of your culture of compliance, find a problem, than have the feds or the commercial payers come in and start poking around and find these things because then you're in a much less defensible position. For lack of better words, you want to be policing yourself throughout all of this,” explains Wiks.

Featured Guest

Name: Wiks Moffat

Organization: HealthCare Compliance Network

Connect: LinkedIn

Key Takeaways

• Compliance programs are not optional.
• Healthcare compliance companies and legal support complement each other.
• Compliance is a continual process.

Contact

Connect with us on Facebook, Twitter, Instagram, YouTube.

Subscribe to The Professor’s Corner in your preferred podcast app so that you never miss an episode. 

This podcast was recorded and is being made available by McGuireWoods for informational purposes only. By accessing this podcast, you acknowledge that McGuireWoods makes no warranty, guarantee, or representation as to the accuracy or sufficiency of the information featured in the podcast. The views, information, or opinions expressed during this podcast series are solely those of the individuals involved and do not necessarily reflect those of McGuireWoods. This podcast should not be used as a substitute for competent legal advice from a licensed professional attorney in your state and should not be construed as an offer to make or consider any investment or course of action.

This is the Professor's Corner, a McGuire Woods series, exploring business and legal issues prevalent in today's private equity industry. Tune in with McGuire Woods's partner Geoff Cockrell as he and specialists share real world insight to help enhance your knowledge.

Thank you for joining another episode of the Corner Series. I'm your host, Geoff Cockrell, a partner at McGuire Woods. Here at the Corner Series, we bring together deal makers, thought leaders, investors, all surrounding investing and owning companies in the healthcare space. Today I'm thrilled to be joined by my good friend Wiks Moffat. He's a principal at Healthcare Compliance Network, and they do kind of consulting in the context of transaction support and also ongoing [inaudible 00:00:46] compliance. Wiks, if you could take a minute to introduce yourself and Healthcare Compliance Network before we jump into a few questions, that would be fantastic.

That'd be great. And first of all, Geoff, thank you very much for having me. So Healthcare Compliance Network, we've been at it for a little over 20 years and we're a healthcare technology and compliance company. We assess, build, implement, and maintain compliance programs. From the very top, we can be a full-blown outsourced compliance resource, or we can do sort of more little almost SWAT team type projects, like maybe just a coding and chart audit, maybe just some help with due diligence, maybe some site visits of offices to see that their OSHA and HIPAA are under control. 80% of our clients are medical practices. We work with some other healthcare organizations as well, but right now that's certainly the space over the last 20 years that we've focused on the most.

The topic of the relationship of legal compliance that you do versus the work that we as attorneys do is a topic of discussion often in the context of a transaction. And I think of it as kind of a Venn diagram that there are some areas that are clearly in the lawyer's domain, there's some areas that are clearly in your domain, and then there's an important intersection where they overlap. But that intersection and the overlap itself is important.

But maybe I'll lead off the discussion of the relationship of our world and your world by giving you the part of the Venn diagram that probably doesn't overlap as much. And for me, I think of that as we are looking at, in the context of a transaction, we're looking at structures that can have very material regulatory import, whether that's corporate practice structures or similar sorts of things. We're looking, legal arrangements that can have either kind of structural implications or kind of fraud and abuse implications, whether that's kind of anti-kickback stark sort of things, but all embedded within kind of legal arrangements. We look at licensure, which can be important and tie as well to another area that we're looking at is kind of process and change of ownership sequences and things relating to that. Those are all kind of in our domain, which maybe give a little explanation of kind of what's in your domain, and then we can talk about the middle.

Sure. So understandable that you bring that up. And interestingly enough, we got probably half or more of our referrals from law firms that we work hand in hand with. The other half comes from private equity and investment bank sponsors and things like that, and also word of mouth. But back to your question, how do we work together with legal?

First of almost all the stuff that we do is under attorney client privilege with a Kovel letter or something like that. They may call it a different document in different parts of the country, but that's where we go in. In a simple way to put it, we're kind of the worker bees and you guys are the queen bee and we report everything back to you. A real good example on that is to just talk about a coding and chart audit. So we do that under the attorney client privilege. We'll look at everything. We'll get back to you guys where you may have some outliers and have certain liabilities. And we may also get back to you and say, "Hey, you know what? They're missing some revenue opportunities here. If they just do things compliantly, they might be able to increase their margins here." So that's kind of what we go in looking at in those types of projects.

And with regards to... I would say the main thing is when someone's in trouble, that they still may need us, but lawyers are very good at figuring out how to maneuver that and how to put up their best defense. Especially on the portfolio compliance manage, I think we're very good at keeping people out of trouble because if you have an active vibrant compliance program, it will prevent compliance issues from happening for sure. But what a lot of people don't realize is it picks up problems when they happen, so you'll know when a problem happens, and that's whether it's a commercial payer or CMS or anybody like that. They want to see that you have a program in place to pick up the fact that, "Yeah, we had a breach", or "Geez, we've been coding that incorrectly for the last six months. We should disclose it." And that's again where the attorneys would come in and help us disclose it properly and make sure that they're doing it proactively as opposed to just reactively. So that's a couple of examples of how we would work together.

Sure. Another way of thinking about is from the perspective of the paper trail. If there are contracts and agreements or structures that I can draw out and look at, those are things that I can assess and test for, whether that's tax, regulatory compliance, any number of things. If the question is focused more on what are they doing, that is not necessarily connected to a paper trail that I can look at. That's where your work starts to really come to the fore. And billing and coding is a good example of it, in that the underlying compliance of the activity, we may have a view on where that activity falls on a risk spectrum, but what we're not cleanly able to do is test to figure out what in the world they're actually doing. And that's where your role really comes to the forefront, whether that is looking at kind of operational details that you're able to dig into or discussions with management, we can play a role in as well, but kind of ferreting out what they're actually doing is harder for us to do as lawyers.

So when we are working with our clients, we are typically doing at least some type of quarterly activity, and when new groups come on, we make sure that they're integrated properly. And by the way, at that point, we might have to call you Geoff and say, "Hey, you know what one got by the goalie here. We need to figure something out." And then you get involved and say, "Well, I'm not sure we need to self-disclose on this. We can just fix it, put a corrective action in place and move forward." Or "We do need to self-disclose on this because we'd rather nip it in the bud now and just pay them back or whatever the ramifications are and let them know that it won't happen again, and we put corrective actions in place."

Another element where kind of our world intersects in the context of a transaction I think is when something has been identified as problematic. So it's kind of come onto our radar. We've done some assessment of where that activity is on the gray scale of risk, or maybe it's a point-blank violation. The next part of that analysis that is a complicated but critically important aspect of navigating that issue in the context of a transaction is starting to put some boundaries on magnitude we are not cleanly able to do, but one that we would call on you to do pretty regularly. How do you see that process in the context of a transaction?

So from the magnitude perspective, when we are looking at a practice and we see a lot of the... Let's say for example, we see a lot of issues over the last few years with regards to referrals or modifiers or medical necessity, whatever it is, and we can come back to you and say, "Hey, that could be a $10 million problem or could be a $2 million problem, or whatever it is". So we can get you that information to help you make a more informed, better decision, because if that comes back to bite you, somebody wasn't doing their job

In the context of a transaction, if you can put a fence around the dollars of exposure, even if they're large. Let's say it's a large Stark violation number, there may be mechanisms that we can deal with that in self-disclosure that may make it an escrow of, let's say, 10% of that number since that's in the bandwidth of the likely resolution of a Stark self-disclosure. But all of that analysis has to start with first some kind of legal analysis of the activity, and then a math exercise, which can be a little slippery to put real live numbers around it because even if the activity is dark, dark meaning more of a point-blank violation, smaller dollar issues are always easier to deal with than bigger dollar issues.

Maybe pivoting a little bit, we work together in the context of a transaction regularly, but you've alluded to it in some of your answers that the transaction is not where the care needs to end, and that some problems can either materialize during the integration or they can be self-created once something is in our hands and on our watch. That's another area where the law firm is probably less well situated to catch those things because we're not being paid to be on kind of continual audit watch with our clients. We can field questions as they come or we can see issues when our work connects to them, but overall ongoing compliance is a little harder for us to keep a finger on. How would you describe your function in that context?

Well, that's a very good question and a very important thing to look at, because we go off the seven elements of compliance, which is kind of the holy grail for compliance. And what that does is there's a continuous audit and follow up process based on the size of the group, maybe even based on specialty, and based on time lapsed audits, whether again it be a site visit or looking at varied chart audits or billing patterns as they go along. So we partner with our clients in most cases where we tell them, "Hey, this is best practices going forward to make sure you stay in compliance." And then from there, because you don't need to be involved in all that minutiae, from there, we report back to you. And hopefully we report back, "Hey, everything's fine" and if they do get audited by an external entity, they're going to be in good shape. So we keep you posted along the way, but certainly not on a daily basis. We do it as you need it.

One of the kind of terms we use on the diligence side of looking at a company is also a term that applies to kind of the Port Co going forward, and that is that we're trying to assess whether or not there is a culture of compliance at a target. Can you talk a little bit about what that means and what it looks like and what the opposite of it looks like?

Sure. Well, a culture of compliance is a good transition, what we just talked about. It's not, "Hey, we finished our compliance work" you slam your book shut and say, "Okay, we'll look at this again next year". A culture of compliance is continuity where you're doing it all the time. You have a compliance committee set up, you have all types of reporting structures in place and you move along. And then if there is a compliance issue, you all get together and you figure out how to solve it and hopefully uncover it before somebody else does.

The importance of that, Geoff, is you would much rather, because of your culture of compliance, find a problem, than have the feds or the commercial payers come in and start poking around and find these things because then you're in a much less defensible position. You really want to, for lack of better words, be policing yourself throughout all of this.

So we just did... I don't know if it's a sidetrack, but we just got brought in on a deal, and they had, about a year ago, had started looking to purchase an organization. And they got about eight weeks into it and nobody ever asked them, "Hey, are you guys under any type of audit?" And found out that they were under a CIA, a corporate integrity agreement, and they'd already spent probably hundreds of thousands of dollars on due diligence. It didn't slow the deal down, it just stopped it. So there's a lot of stuff you want to look at and questions you want to ask to make sure you have that culture of compliance in place.

One of the ways the absence of a culture of compliance manifests itself can be a little harder to visualize, but it translates into real problems, and that is as a organization gets bigger, when there's not a corporate kind of culture of compliance, a lot of the choices that have regulatory implications are being made at levels of the organization where the people making those choices either don't have the regulatory sophistication to be making those choices, or they're operating in an environment that is more focused on business outcomes and willing to stretch the compliance ideas a bit. How do you see that playing out in companies that you review? That seems to be a recurring theme when I encounter a problem later.

The effects of not having a compliance program, they can be very expensive and they can be very time-consuming for the C-level people and the attorneys. And so not having a compliance program, it used to be when we started in this business, you could get away a little bit by saying, "Oh, I really didn't know that one, or I didn't know we were supposed to be doing it". But now with all of these more sophisticated organizations, with private equity involved all, you can't say, "I didn't know I was supposed to do that". So you're going to be looking at... If they come in and find stuff, you're going to be looking at trouble damages and extrapolation of fines. It can be very costly and it can really slow down your progress of getting ready for your next deal, which is usually three, five, seven years down the road. So it's really important.

The stakes keep getting higher and higher. I mean, it's one thing to make choices where you're absorbing some regulatory risk. And even in a smaller target, the relationship of risk to magnitude, it may be moderate risk and higher magnitude for that target, but something that is easier to wrap your head around absorbing, as opposed to a larger organization where that same calculus, you've got a moderate risk and high magnitude, the possibility that that risk comes home to you goes up dramatically, both in the sense that you're a higher level target for either the government looking at things or you're higher risk of a [inaudible 00:17:13] suit, or you're at a hundred percent risk that someone is going to be looking at these exact things in the context of a sale event in the not distant future, and some accommodation is going to have to be made with respect to that risk. So the ability to just kind of skate on things that have been a closer call when you're small get harder and harder to tolerate as you get bigger.

They really do, and implementation or operationalizing your policies into procedures is where we see most places kind of falling short. They might have spent some money or put a compliance program up on the shelf, but now they're not doing anything. They're not making it site-specific to their organization. They're not going in and auditing it and testing it to make sure that it's effective. And you brought up an interesting point, Geoff, whether it's the Feds looking at it or your next round of due diligence, somebody's going to look at it at some point. Especially now with private equity, I think everybody kind of knows that veil of safety that they had of being able to say, "Well, I'm just an investor in this company. We have no liability." That has gone, so people are really paying a lot more attention to it. And I think another thing that's happening is we all know the government is pretty broke and getting broker, and Medicare is not doing great, so we're starting to see a lot more commercial audits and CMS audits out there,

Right. It's like communities are raising revenue by issuing more speeding tickets. That's a little bit more intimidating when you're talking about AKS or Stark compliance. Those are a little bit more than speeding tickets.

Yes, they are.

Definitely a heightened environment is what we can expect for both necessity of compliance and the likelihood of review at some level by somebody.

Well, Wiks, I appreciate you joining. We'll probably call it there. This has been super interesting. It's a topic that comes up on every deal, the relationship of what I do with what you do, and we both serve important and at points overlapping, but at points very different functions in the context of both a transaction and the ongoing compliance of a Port Co going forward. But thanks again for joining us. This has been a ton of fun.

Yeah, thank you very much, Geoff. Have a great day.

Thank you for joining us on this installment of the Professor's Corner. To learn more about today's discussion, please email host Geoff Cockrell at gcockrell@McGuirewoods.com. We look forward to hearing from you.

This series was recorded and is being made available by McGuire Woods for informational purposes only. By accessing this series, you acknowledge that McGuire Woods makes no warranty, guarantee, or representation as to the accuracy or sufficiency of the information featured in this installment. The views, information, or opinions expressed are solely those of the individuals involved and do not necessarily reflect those of McGuire Woods. This series should not be used as a substitute for competent legal advice from a licensed professional attorney in your state and should not be construed as an offer to make or consider any investment or course of action.