Healthcare Implications of the New DOJ “Safe Harbor” for Self-Disclosure of Misconduct Identified as Part of Transactions

On October 4, 2023, Deputy Attorney General (DAG) Lisa Monaco announced a new U.S. Department of Justice (DOJ) Mergers & Acquisitions Safe Harbor Policy (the Safe Harbor Policy) for companies that voluntarily and timely self-report misconduct discovered during the due diligence of an acquisition target or the integration of the acquired entity, as discussed in our Sidley Update posted here. For healthcare and life sciences companies, which are subject to risk related to a variety of fraud and abuse laws, the creation of the Safe Harbor Policy raises unique implementation considerations. This Update highlights key implications of the Safe Harbor Policy for healthcare and life sciences entities, both in the transactional and civil enforcement contexts. 

I. Transactional Implications

Potential Impact on Buyer Diligence and Strategy

The Safe Harbor Policy places a greater emphasis on a buyer’s strategy and compliance-related due diligence and integration work if potential misconduct is discovered. 

• Buyers should consider enhancing their existing due diligence and accelerating integration efforts to identify a target company’s areas of potential misconduct in order to take advantage of the Safe Harbor Policy for issues identified in light of the Safe Harbor Policy. For buyers of healthcare providers, this may include additional due diligence in the form of medical necessity reviews, billing and coding audits, compliance audits, and marketing arrangements. For buyers of life sciences companies, this may include more detailed review of key areas of potential risk, including healthcare professional consulting arrangements, investigator arrangements, and other financial arrangements and interactions with healthcare professionals.
• Under the Safe Harbor Policy, buyers must agree to restitution and a disgorgement of profits resulting from the identified misconduct to receive the presumption of a declination — a decision not to pursue prosecution. This may result in additional complexity in the negotiations between buyers and sellers because buyers may prefer a self-disclosure with a purchase price reduction based on the expected restitution/disgorgement, while sellers may prefer not submitting a self-disclosure and providing indemnification post-closing.
• Absent other material structural or risk-related considerations, buyers may potentially be more willing to structure the acquisition of a target company subject to the Safe Harbor Policy as a stock deal, rather than an asset purchase, as risks associated with historical issues that are more likely to transfer under a stock deal have the potential to be mitigated by the ability to self-disclose.
• Buyers who identify possible misconduct should be prepared to invest potentially significant resources during the post-acquisition phase on compliance integration and remediation in order to correct or mitigate issues as appropriate within DOJ’s required timeframes and consistent with applicable healthcare industry standards including compliance guidance from the Department of Health and Human Services–Office of Inspector General (HHS-OIG).
• Buyers will also need to consider risks related to actions by other federal agencies and states in deciding whether to self-disclose.

Potential Impact on Seller Preparation and Strategy

For sellers, DOJ’s new Safe Harbor Policy places an increased emphasis on identifying risks and investing resources in compliance efforts in preparation for a sale process. Healthcare and life sciences sellers aware of misconduct may need to consider their strategic options, including alternative structuring and self-disclosure under the existing self-disclosure policies offered by DOJ’s Civil and Criminal Divisions. 

II. Civil Enforcement Implications

Although the focus of the announced Safe Harbor Policy is on criminal misconduct, the policy applies “Department-wide,” and “[e]ach part of the Department will tailor its application of this policy to fit their specific enforcement regime, and will consider how this policy will be implemented in practice.” DAG Monaco explained the policy was driven by the importance of offering “consistency” and “predictability” for companies considering self-disclosures in the context of mergers and acquisitions, and these goals apply with equal force in the civil context. DOJ’s Civil Division already has a voluntary self-disclosure policy through which companies can receive credit — most commonly in the form of a reduced damages multiplier — for making proactive, timely, and voluntary self-disclosures of potential violations of the False Claims Act (FCA). However, unlike the Safe Harbor Policy, the Civil Division’s current self-disclosure policy does not offer the consistency and predictability of a bright-line presumption in favor of resolving misconduct without a damages multiplier. Healthcare and life sciences companies considering self-disclosure of potential violations of the FCA identified during due diligence or post-acquisition integration should be prepared to make the case for why the Safe Harbor Policy should now apply to the Civil Division. At the same time, the Safe Harbor Policy raises a number of unique implementation considerations for the Civil Division, which disclosing parties should proactively address as part of their strategic engagement with DOJ and other stakeholders.

• ‘Qui Tam’ Relators: The majority of FCA cases are initiated by private whistleblowers known as relators, who can litigate cases even after DOJ declines to intervene. Relators face a financial incentive to litigate their cases, notwithstanding departmental policy goals. However, the Supreme Court’s decision last term in United States ex rel. Polansky clarified that DOJ has extremely broad discretion to seek dismissal of qui tam complaints over relator objections. Self-disclosing companies should be prepared to explain why dismissal is important to prevent interference with the objectives animating the Safe Harbor Policy.
• HHS-OIG: While this Safe Harbor Policy leaves HHS-OIG free to undertake its own enforcement actions with respect to self-disclosed conduct, including imposing civil monetary penalties or seeking to impose a corporate integrity agreement, HHS-OIG has long stated it takes self-disclosure into consideration. Self-disclosing companies should work with counsel adept at engaging not only with the Civil Division but also with HHS-OIG and be prepared to highlight the rigor of the company’s compliance program.

• HHS Agencies: Depending on the alleged misconduct, HHS agencies including the Centers for Medicare & Medicaid Services (CMS) and the Food and Drug Administration (FDA) may have an interest in imposing administrative remedies on the self-disclosing company. Companies should consider parallel engagement with relevant agency stakeholders to preempt CMS or FDA from feeling the need to take punitive steps to protect their prerogatives.

Any conversation regarding the relative risks and benefits of self-disclosure should include not only the acquiring and acquired company but also any private equity (PE) fund or strategic owners or investors and consider other applicable laws such as antitrust requirements. DOJ has increasingly expressed an interest in holding PE funds and other strategic buyers responsible under the FCA for misconduct they identified during due diligence but did not remediate, particularly where the PE fund or other strategic owner or investor had an opportunity to do so through a management agreement or similar role.