Grant Thornton: Providing Robust Due Diligence to Facilitate Successful Health System Mergers and Acquisitions

In this business profile, Scott Davis and Stephen Thome of Grant Thornton LLP Health Care Advisory Services discuss the importance of comprehensive due diligence and offer strategies for ensuring a process that supports smooth mergers and acquisitions. Grant Thornton LLP is a sponsor of the HFMA Large System Controllers Council.

How does due diligence add value to large, strategic transactions?

First and foremost, due diligence should identify large risks associated with a proposed transaction. At Grant Thornton, we usually stratify these risks into the following categories:

• “Stop the deal!” risks that take the form of ominous potential liabilities and compliance issues that will be difficult to mitigate;
• Material risks, which can be addressed in the definitive agreement;
• Smaller risks that should be monitored or fixed post-transaction.

By stratifying risks in this way, we can protect clients from value-killing liabilities while laying out a roadmap for addressing concerns that exist in any organization being acquired. We find it valuable to communicate early, often, and collaboratively with our clients so that any risks we identify can be addressed in how the deal is shaped and/or with specific language in the definitive agreement.

When preparing for a merger or acquisition, what is the extent of due diligence analysis required?

To be effective, due diligence needs to assess risk beyond traditional quality of earnings—it is important to assess it more holistically. For example, physician compliance risk can ultimately create as much or more financial exposure as low-quality receivables. As such, it is critical to assess risk across key functional areas and quantify the associated financial liabilities while assessing the underlying operations.

What are the “usual suspects” that bear the most risk in health system deals?

With the caveat that “it depends,” we often uncover risks that alter deal terms or require immediate post-merger attention in the following areas: compliance and coding; information technology (IT) and cyber risk; physician relations; human resources and benefit plans; tax; and strategic fit. Many times, nonprofit health systems that are acquired have experienced significant financial stress, so that requires a strong effort related to assessing quality of earnings. This financial stress frequently leads to underinvestment in the previously mentioned operational areas (as well as in physical assets). For example, underinvestment in cybersecurity or maintaining proper compliance controls is a common finding.

How do you assess strategic fit?

Strategic fit encompasses how the target organization’s services and territory fit into the acquirer’s portfolio. These and other strategic drivers for the transaction will often define the acquirer’s risk profile. If the acquired health system has a strong primary care base, it raises the risk profile of physician contracting related to Stark violations, private inurement, and fraud and abuse exposures to a higher level. As the acquiring health system makes larger capital commitments for programs and facilities in the acquired entity’s market, it is as important to assess the quality of those investments as it is to analyze the acquired entities’ balance sheets. This involves testing the growth assumptions and fertility of the referral base built into the financial models, along with the financial assumptions.

What types of risks do you find related to IT?

IT has become the central nervous system of healthcare organizations, so any weakness inherent in an acquired entity’s IT systems, processes, and people can metastasize to the acquirer. For instance, out-of-date IT systems can make it difficult to achieve meaningful clinical integration post-merger, which can be costly to address and create a poor patient experience for the acquiring health system’s brand and reputation. We recently observed an outdated electronic medical record (EMR) during a diligence analysis that was one of only a few of its kind that remained in use. The threat that support and maintenance could end abruptly was a real risk. We also see capital budgets for new EMRs that are grossly understated, and calling these situations out is crucial.

Cyber risk is frequently in the news, and the need to preserve information privacy and security seems obvious, but it isn’t necessarily front-of-mind to the CFOs and general counsels during a transaction. Any weaknesses at the acquired entity will create vulnerabilities for our clients post-transaction. Cyber risk and HIPAA go hand in hand, but ransom threats and lost productivity associated with viruses also can be debilitating.

How do you identify risks while performing your work?

In some cases, the executives of the organizations being acquired are forthcoming and disclose their concerns. However, due diligence requires a level of professional skepticism to dig deeper. We typically conduct 15 to 25 interviews with executives and managers, and we collect vast amounts of information from the target organization. The data drive the interviews. We also analyze external sources, ranging from auditors’ work papers, rating agency and tax authority correspondence, and Program for Evaluating Payment Patterns Electronic Reports (PEPPER) for coding practices. Triangulating among these sources can be quite revealing.

Other than deal-breaking risks, what are your most significant findings?

Due diligence provides executives with a lot of insight into the organizations they are acquiring. Along with calling attention to big risks, we also profile several aspects of a potentially acquired organization. This includes profiles of clinical services; physician profiles of specialties, productivity, and compensation; inventories of IT applications; patient and volume trends; and more. This information goes a long way toward helping the acquirer know what it is getting and laying the foundation for post-transaction integration.

Transaction timelines are tight. How do you get this amount of work done in a short time frame?

Grant Thornton executes due diligence engagements with an experienced core team that performs the quality of earnings analysis but also organizes the interviews and data collection across all other functional areas. Then, we bring in subject matter specialists for IT, physician services, tax, compliance, and other areas. This allows us to move quickly and act as an organized team while leveraging specialized expertise.

For more information on how Grant Thornton can help with your next merger or acquisition, go to www.grantthornton.com.

Our clients take advantage of our collective knowledge, gained from extensive experience in and with healthcare organizations. Grant Thornton LLP Health Care professionals across the country personally deliver solutions and operational improvements to meet patient care, compliance, and business needs.

Content for this Business Profile is supplied by Grant Thornton LLP. This published piece is provided for advertisement purposes. HFMA does not endorse the published material or warrant or guarantee its accuracy. The statements and opinions of those profiled are those of the individual and not those of HFMA. References to commercial manufacturers, vendors, products, or services that appear do not constitute endorsement by HFMA.