In 2012, Riordan, Lewis, and Haden, Inc. (RLH), a private equity (PE) firm, acquired a majority interest in a compounding pharmacy through one of its funds.1 On behalf of the fund’s investors, RLH controlled and directed the company’s operations, RLH partners became officers of the company, and RLH maintained a majority of the company’s board seats.2 Like many PE firms, RLH planned to increase the company’s value and anticipated an exit in five years.3 Instead, seven years later, RLH and the pharmacy ended up paying the government US$21 million to settle allegations that they violated the AntiKickback Statute (AKS) and the False Claims Act (FCA).4 What happened during the years RLH managed the pharmacy—and how the government responded—provides a cautionary tale for PE firms looking to capitalize on the rapidly expanding health care industry.
This article analyzes emerging risks to PE firms that invest in the health care sector by examining the current enforcement landscape and significant FCA litigation; identifies key factors that increase FCA risk for PE firms in the health care space and risk related to participation in COVID-19 stimulus programs, like the Paycheck Protection Program (PPP) and the Provider Relief Fund (PRF); and concludes with a discussion of best practices PE firms should consider in order to minimize FCA liability exposure. Key takeaways include: 1. FCA enforcement actions initiated by relators and the U.S. Department of Justice (DOJ) against PE firms that invest in health care are on the rise. 2. Given the health care industry’s complex regulatory structures, PE firms sometimes do not fully appreciate the extensive FCA-related risks associated with their investments in health care portfolio companies. 3. Key areas of focus have emerged through recent FCA actions against PE firms related to their investments in health care companies, including the extent of the PE firm’s involvement in the portfolio company’s operations; the firm’s knowledge of applicable health care laws and regulations, and potential conflicts between the firm’s investment goals and legal compliance. 4. Best practices for PE firms to avoid, or mitigate against, potential FCA exposure including extensive due diligence and knowledge of the portfolio company’s business; development of a robust corporate compliance program tailored specifically to the portfolio company; awareness of, and responsiveness to, industry “red flags”; and consultation with experienced health care counsel.
It is estimated that PE firms invested at least US$78.9 billion in health care in 2019 alone, and such extensive investment is considered only the beginning of a much wider move by PE firms into health care.5 Yet as firms enter this sector, they face the significantly elevated risk of FCA liability exposure that comes with conducting business in one of the most heavily regulated industries in the United States—and one that regulators are scrutinizing even more closely against the backdrop of the persistent public health emergency caused by COVID-19.6 This risk is exacerbated all the more for PE firms that are new entrants into health care and unfamiliar with its treacherous regulatory terrain. Adding to this risk profile, DOJ has announced a sharpened focus on PE firms as targets for FCA enforcement in connection with the conduct of their portfolio companies. DOJ recently disclosed two qui tam settlements, following the government’s intervention, in which PE firms agreed to pay more than US$22.5 million to resolve allegations of FCA violations involving their portfolio companies.7 Qui tam relators also appear committed to adding PE firms as defendants in FCA suits on the government’s behalf. I. DOJ’s New Focus on Private Equity Through FCA Enforcement In public remarks last year, the former head of DOJ’s Civil Division—the litigating component responsible for supervising FCA litigation and implementing FCA enforcement policies nationwide—indicated that the government would closely scrutinize portfolio companies that receive government stimulus funds.8 The DOJ official noted that enforcement targets may include, in appropriate cases, PE firms that invest in companies receiving government stimulus funds, including proceeds from the Coronavirus Aid, Relief, and Economic Security (CARES) Act.9 PE firms investing in highly-regulated spaces, he warned, including health care and life sciences, should be aware of the laws and regulations designed to prevent fraud in those industries,10 and firms which take an active role in the misconduct of their portfolio companies can expose themselves to FCA liability.11 As described below, DOJ has also expressed the view in various forums that PE firms that dip their toes into regulated industries like health care cannot claim ignorance regarding compliance issues and should be prepared to educate themselves about the risks created by their portfolio companies’ pre- and post-acquisition business practices. In sum, DOJ’s focus on PE firms and its commitment to intense scrutiny of the use of CARES Act funds raises the risk that government investigators or qui tam relators will flag the conduct of portfolio companies operating in the health care space.12
II. Significant FCA Litigation DOJ has bluntly stated that PE firms “do not get . . . special pass[es]” when it comes to FCA liability for conduct related to their portfolio companies.13 The cases below involve qui tam complaints where DOJ, or state governments, decided to intervene in relators’ cases against PE firms, one or more of their portfolio companies, or one or more of their principals or directors. These cases demonstrate that the government closely considers a PE firm’s involvement in the management of the portfolio company when determining the scope of potential FCA liability. The government may also focus on the influence imposed by firms on portfolio companies to rapidly improve profitability through potentially improper means, such as by paying kickbacks to increase sales or directing providers to “upcode” or provide medically unnecessary services to increase billings. In addition, these cases highlight the importance of promptly resolving any potential FCA issues that arise during due diligence or management reviews and the government’s willingness to hold PE firms accountable if they acquiesce in “business as usual” at their portfolio companies. While the government’s decision to intervene in a qui tam matter brought by a private plaintiff is a fact-intensive inquiry made with respect to each named defendant, the likelihood of intervention against a PE firm increases commensurate with the extent to which the government views the firm’s conduct to be severe or egregious. United States ex rel. Medrano v. Diabetic Care Rx, LLC In February 2018, DOJ intervened14 in a qui tam suit against Diabetic Care Rx, LLC d/b/a Patient Care America (PCA) and its majority owner PE firm RLH alleging that PCA, under the RLH’s management, paid kickbacks to outside marketing companies, resulting in unnecessary prescriptions for expensive topical creams reimbursed by TRICARE.15 The government claimed that RLH “initiated [PCA’s] entry” into the pain management cream business to “capitalize on the extraordinarily high profitability of this therapy, which RLH allegedly anticipated could result in a quick and dramatic payback on its investment in [PCA].”16 RLH installed on the PCA board two of its principals who led the pain management initiative and contemplated that the creams would be reimbursed by government payors.17 RLH further allegedly knew of and endorsed PCA’s plan to pay independent contractors commissions to generate prescriptions for the creams, in violation of the AKS.18 In response to RLH’s motion to dismiss, the government focused on several factors it alleged were sufficient to establish that RLH, through its principals, “actively managed and led PCA through the scheme that
fraudulently siphoned tens of millions of dollars from TRICARE.”19 First, the government emphasized that RLH was an active investor, controlling and managing PCA by placing two of its principals on PCA’s board.20 Second, the government highlighted RLH’s management of other health care companies, indicating that it was not “a new player in the health care world.”21 The government called attention to RLH’s motivation to “disregard the details of how PCA’s compounding business generated its profits” due to RLH’s desire “to make PCA valuable quickly and sell it for profit” and its alleged approval of several aspects of the kickback scheme.22 Additionally, the government noted that RLH transferred money to PCA to pay the independent contractors’ commissions when PCA had not yet received reimbursement from TRICARE.23 Finally, RLH was allegedly advised by counsel that PCA’s marketing relationships likely violated the AKS, but refused to convert the independent contractors to employees.24 In September 2019, DOJ announced that it had reached a settlement with PCA and RLH in which they agreed to pay more than US$21 million to resolve the government’s claims.25 Medrano is particularly significant because it lays out the factors that DOJ considers in determining whether a PE firm should be held liable for its portfolio companies’ potential FCA violations, including whether the firm: (1) is an active investor; (2) has experience operating in the regulated industry; (3) has a financial incentive to cut corners and generate profit as soon as possible; (4) approves of conduct that violates the FCA; and (5) receives, and subsequently ignores, legal advice that the portfolio company’s conduct violates the FCA. As discussed further in the Best Practices section below, PE firms should consider these factors in structuring their management of portfolio companies, including whether to appoint principals or other employees to portfolio companies’ boards of directors. United States ex rel. Martino-Fleming v. South Bay Mental Health Center, Inc. In Martino-Fleming, the qui tam relator sued health care provider South Bay Mental Health Centers (South Bay), alleging that South Bay billed the Massachusetts Medicaid program (MassHealth) for mental health services provided by unlicensed, unqualified, and unsupervised employees in violation of state regulations.26 The relator also named two PE firms and Community Intervention Services, Inc. (CIS)—an entity formed by the PE firms to purchase South Bay—alleging that the firms and CIS knew of the violations but did nothing to resolve them.27 The relator further alleged that members and principals of the PE firms formed a majority of the CIS and South Bay Boards and were directly involved in the operations of South Bay.28 Although the United States declined to intervene,29 the Commonwealth of Massachusetts filed a complaint in January 2018.30 According to the plaintiffs, the relator told a principal of one of the PE firms that South Bay’s clinicians lacked the licensure and educational background required by MassHealth regulations and were not being appropriately supervised, rendering the billing for South Bay’s services improper.31 In response, CIS allegedly instructed investigative teams to determine the cause of employee turnover and deficiencies in the supervision of South Bay’s clinicians.32 When the teams advised South Bay to hire additional qualified supervisors to comply with MassHealth legal requirements, the CIS board allegedly rejected the recommendation, calling the investigation an “enormous waste of time and resources.”33 In February 2018, the firms and CIS moved to dismiss the complaint,34 arguing that their alleged failure to stop South Bay’s practice of submitting claims for services by unqualified and unsupervised clinicians was insufficient to establish liability because the FCA requires “affirmative” steps to “cause” the submission of claims.35 The district court disagreed. In finding that the relator had sufficiently pleaded a claim for South Bay’s FCA liability, the court focused on the relator’s allegations that: (1) the investigative teams expressly informed the CEO and boards of CIS and South Bay that the supervision of clinical workers violated state regulations, recommended a solution to the problem, and were rejected; and (2) the CEO of South Bay knowingly ratified South Bay’s policy of submitting false claims by rejecting recommendations to bring it into regulatory compliance.36 Like Medrano, Martino-Fleming highlights the potential exposure created when private equity firms become active managers in their health care portfolio companies. MartinoFleming suggests that all a relator or the government must plead in order to establish a PE firm’s liability for misconduct by a portfolio company is that the firm installed its members and principals on the portfolio company’s board—particularly if those individuals make up a majority of the board or the firm’s members or principals were directly involved in the operations of the portfolio company. United States ex rel. Johnson v. Therakos, Inc. Even PE owners that assume a less active managerial role may find themselves on the hook for portfolio company misconduct. In December 2016, relators sued Therakos, Inc. (Therakos), and its former and current owners—including PE firm The Gores Group (TGG)—alleging that Therakos caused false claims to be submitted to federal and state health programs by engaging in off-label and illegal marketing of pediatric lymphoma treatments.37 The relator further alleged that TGG hired Therakos’ new chief executive officer—a former Therakos employee— and that much of the same misconduct that occurred when Therakos was under previous ownership continued following acquisition by TGG.38 In November 2020, the United States intervened and announced a US$1.5 million settlement with TGG to resolve allegations that Therakos continued its improper sales and promotion practices after TGG acquired the company.39 Unlike in Medrano or Martino-Fleming, the relators’ sole allegation in this case was that TGG hired a new CEO and allowed the purported misconduct at Therakos to continue during its ownership.40 While the instructiveness of Johnson to PE firms in the health care space is limited due to the sparse allegations in the complaint regarding TGG’s management, the government’s willingness to pursue TGG under these circumstances indicates that it has adopted an aggressive theory of FCA liability that includes private equity investors that do not assume active managerial roles. TGG apparently did not initiate the allegedly wrongful conduct at the portfolio company or oversee it, but the government still took the position that TGG was responsible for continuation of conduct by Therakos from its previous owner. Johnson may portend future enforcement actions attempting to hold PE firms liable under the FCA where the potentially wrongful conduct began pre-acquisition. Additionally, the Johnson settlement suggests that DOJ expects PE firms to uncover potentially fraudulent conduct and remediate any compliance issues.41 III. Enhanced FCA Risk for Private Equity Firms The confluence of PE’s expansion into the health sector and the impending wave of COVID-19-related enforcement under the Biden Administration mean that prioritization of PE firms as FCA defendants will only intensify. Expect DOJ to double-down on its previously expressed position that by making an investment in a health care company, a PE firm should be expected to know that the companies are subject to certain fraud and abuse laws.42 a. Extent of Involvement in the Portfolio Company’s Operations A threshold issue for determining the potential scope of FCA liability for PE firms and their principals is the extent of the firm’s involvement in directing and controlling a portfolio health care company’s business practices. Because a successful FCA claim need only show that the defendant knowingly submitted or caused the submission of a false claim for payment, a firm’s principals may be liable even if they do not directly submit claims themselves.43 As shown by cases described above, “causing” the submission of a claim may not necessarily include taking affirmative steps that assist in the presentation and preparation of the claim.44 The current state of the case-law shows that the more supervision and direction given to the portfolio company, the greater the risk to the PE firm. For example, in Martino-Fleming, the relator alleged that the PE firm was liable for its subsidiary’s submission of false claims because its principals and members comprised a majority of the CIS and South Bay boards and were involved directly in operations. The court found these allegations sufficient to state a claim, noting that “[a] parent may be liable for the submission of false claims by a subsidiary where the parent had direct involvement in the claims process.”45 Similarly, in Medrano, DOJ emphasized the contacts and control exercised by RLH over the compounding pharmacy and its contractors. The pleadings mention, among other allegations, that RLH partners served as PCA board members; directed and oversaw the hiring of PCA’s CEO; required joint decision-making with the CEO; knew of and approved the use of independent contractors; were informed of the revenue increases; and were aware of the large percentages of the revenue being generated by the contractor.46 Given the limited case-law on FCA actions against PE firms, just how close a firm can get to the business operations without the potential for liability remains undefined. For now, however, if a PE firm plans on acting as more than a passive holding company, it should be prepared for increased scrutiny. b. Knowledge of Health Care Laws and Regulations Regardless of how removed a defendant may be from the actual submission of a false certification, to adequately allege an FCA claim the government and private plaintiffs must show that a defendant acted with the requisite scienter—either that the defendant had actual knowledge that the submitted claims were false or acted with deliberate indifference or reckless disregard for the truth or falsity of the claim.47 Relators or DOJ are likely to point to the firm’s knowledge of the industry’s regulatory obligations as evidence of scienter regarding false claims. For example, in Medrano, DOJ alleged that RLH, an investor in health care companies, knew or should have known that PCA’s business model, based on billing federal health care programs, was subject to fraud and abuse laws.48 The government pointed to documents reviewed by RLH partners that described risks inherent in the industry, including the purchase agreement, which included a representation that no member of the pharmacy, or its agents or employees, had “made or offered to make, or solicited or received, any contribution, gift, bribe, rebate, payoff, influence payment, kickback or any inducement… in violation of the federal Anti-Kickback Statute.”49 The RLH partners also received a copy of the employee handbook, which detailed the prohibition against kickbacks and bribes under federal law, and one RLH partner sent the portfolio company CEO regulatory guidelines regarding copayment waivers.50 Medrano offers a reminder that the government will consider firms to have knowledge of these risks once they enter the health care sector and implies that PE firms may be unable to effectively distance themselves from the management of their health care portfolio companies in order to mitigate FCA risk. Establishing a comprehensive corporate compliance program equipped to properly identify and assess risks is therefore an important step in preventing violations—and defending against them—if there are breakdowns in compliance. c. Potential Conflicts Between Investment Goals and Legal Compliance PE firms, at times, acquire portfolio companies with the goal of increasing the company’s value and selling the investment for profit, with an exit that can be as short as five to seven years. While this model may incentivize firms to take an active management role in the company’s day-to-day operations with an eye to reducing costs and identifying ways to increase profits, they should also be mindful of the risks of FCA exposure it creates. PE firms may look for ways to drive the profitability of the portfolio company, such as pushing what might be construed as aggressive treatment volumes or seeking new revenue streams, but a company culture that seeks rapid growth also increases the risk of noncompliance or misconduct, from the management level down through outside contractors. In Medrano, the government alleged that the firm’s plan to drive revenue led to independent contractors being paid commissions to generate prescriptions for high-revenue treatments, in violation of the AKS. In another private lawsuit against a Florida dermatology practice and its PE owner, the plaintiff, a former doctor at the practice, alleged that the practice made a decision to dramatically increase revenues to make the company appear more profitable by implementing practices that generated more Medicare billings.51 To accomplish this goal, the plaintiff alleged that the practice required medical assistants to claim that patients received care for nonexistent ailments, resulting in higher profits for the company and false claims for Medicare reimbursement.52 Simultaneously, PE firms may try to reduce a portfolio company’s costs, or avoid incurring additional costs, including for compliance-related expenses. In MartinoFleming, the portfolio company board rejected suggestions to hire qualified supervisors that would help it comply with MassHealth regulations.53 While the board may have avoided the expense at the time, the lack of qualified supervisors led to protracted—and ongoing—litigation. Similarly, in Medrano, the PE firm delayed hiring a compliance officer and then hired one with no relevant experience or training, two facts DOJ pointed to as a failure to implement sufficient internal controls.54 As Medrano and Martino-Fleming illustrate, upfront costs can help avoid expensive future compliance issues and head off potential FCA violations by identifying violations before they become more serious. They can also act as a defensive tool should the firm become embroiled in subsequent civil or criminal claims. d. PPP and PRF Certifications The same principles that expose PE firms to risk related to federal health care programs also extend to certifications made under the PPP and the PRF. The PPP requires borrowers to make various certifications, including that the loan was “necessary to support the ongoing operations of the Applicant.”55 Similarly, health care providers that sought PRF funds were required to sign attestations certifying compliance with certain terms and conditions, which were later supplemented by government-issued Frequently Asked Questions. For PRF funds, the terms and conditions included, among others, an attestation that the funds would be used only to prevent, prepare for, or respond to the COVID-19 pandemic. Companies that falsely certified to the requirements of the respective programs and received funds may face FCA liability. With respect to the PPP’s necessity certification, companies can expect that the U.S. Small Business Administration and DOJ will closely scrutinize PPP borrowers who appear to have access to other potential sources of liquidity, including those borrowers owned by PE firms. DOJ recently announced the first settlement involving civil fraud claims involving a PPP borrower, undoubtedly a harbinger of coming government enforcement actions related to the program.56 It’s likely that public company borrowers and borrowers with a nexus to PE and venture capital will be top priorities for audits and investigations. Although false certifications for PPP loans are likely to touch many different industries, providers of nonemergency health care services, such as dentistry and dermatology, were hit particularly hard with a pandemicfueled reduction in business. Many applied for and received PPP or PRF support, even those backed by PE firms.57 While PPP loans may have been used legitimately to provide for continuing operations—or to prevent, prepare for, or respond to COVID-19—the government is likely to look at alternative sources of liquidity to which the practices may have had access, how the loan proceeds were used, and how closely involved the PE firm may have been in securing the funds. As with FCA liability for federal health care programs, officers of PE firms who were involved in applying for PPP or PRF funds (and making related certifications or attestations) on behalf of their portfolio companies may face liability if their role indicates they exercised influence over the decision to seek the funds or directed how the funds were used. Such actions could include signing the certification, directing the portfolio company to apply, or even merely managing or reviewing the applications. IV. Best Practices for Private Equity Firms to Avoid FCA Liability Although PE firms may be new to the health care sector, they can use their familiarity with the regulatory space in which they traditionally operate to anticipate and identify compliance concerns. As described below, firms should exercise caution at every stage of their interest in a portfolio company. a. Conduct Exhaustive Due Diligence In order to identify fraudulent conduct and related risks, prior to the acquisition of a target company PE firms should include in due diligence reviews a focus on high-risk areas like licensing, billing, and relationships with third parties and vendors. Such inquiries may reveal existing fraudulent conduct or potential gaps in compliance. In Martino-Fleming, for example, the absence of proper certifications for medical professionals extended four years before the firm’s purchase of the company.58 Likewise, in Johnson, false claims were submitted to federal and local health departments before the PE firm purchased the company and continued, post-acquisition, for two more years.59 In both cases, it is possible that more extensive due diligence could have uncovered the issue prior to sale.60 To the extent such issues are not identified, companies should build proper limitations of liability, indemnifications, and escrows into agreements for preacquisition conduct. Firms should also ensure that that a formal corporate compliance program exists at the target company prior to acquisition. An existing and effective compliance program can be better acquainted with the business and assist with post-acquisition compliance, whereas the absence of an effective program may be a red flag for the firm. b. Get to Know the Business Most FCA claims against PE firms and their officers or directors point to the extent of an officer’s involvement in the portfolio company’s operational decisions. While PE firms may see advantages in close contact and direction offered by their members, the more direction they provide the greater chance for liability. To mitigate this risk, individuals who will have close contact with the portfolio company should educate themselves about which aspects of the company’s operations may be most susceptible to fraud. Does the business subcontract to vendors or contractors that may receive commissions for sales potentially in violation of the AKS? Are doctors or clinicians incentivized to exaggerate the number of procedures performed or otherwise increase volume? Identifying these potential vulnerabilities may help officers develop strategies for long-term planning. PE firms should also examine, pre-acquisition, how much of the business’s revenue comes from federal health programs and if those revenue streams will be maintained. Understanding these fundamentals will allow firms to gauge the risks associated with driving profit from the target company. Firms should plan, in consultation with experienced counsel and compliance staff, how they will drive increases in revenue from federal health care programs, while guarding against potential fraud. c. Create an Effective Corporate Compliance Program PE firms should ensure not just that a corporate compliance program exists, but that it is robust enough to identify compliance failures and face the scrutiny of a would-be government investigation. Compliance officers should have experience in the field and have real authority over the key business units. In Medrano, the government pointed to the absence of a compliance officer at the pharmacy for over two years and the fact that the individual who was ultimately hired did not have education, training, or experience in compliance.61 PE firms should consider the recommendations set out in DOJ’s guidance document on evaluating the effectiveness of a corporate compliance program and focus on three fundamental questions: is the compliance program well designed, is it adequately resourced and empowered to function, and does the program work in practice?62 d. Recognize Red Flags Rapid growth that exceeds expectations could be an indicator that fraudulent activity is driving returns. In Medrano, the company’s auditors noted that the compounding business had grown significantly and suggested that the company receive a legal opinion to assure them that the agreements did not violate the AKS.63 In a heavily regulated industry, rapid growth is not always good news.
e. Seek Advice From Experienced Health Care Counsel Finally, in addition to ensuring that those who play a managerial role with the portfolio company are well informed of compliance risks, consulting with experienced outside health care counsel is an important step to avoiding illegal conduct, and addressing it if it does arise. K&L Gates’ health care fraud group routinely assists private equity firms, health systems, hospitals, and other providers and suppliers with legal advice regarding FCA, AKS, and Stark Law compliance, including internal compliance reviews, transactional due diligence, external and internal investigations, and general strategic considerations.