Healthcare was one of the hottest areas in mergers and acquisitions last year and we imagine will continue well into 2019.

While a lot of the M&A activity involved the consolidation of larger groups, we also saw established providers in one discipline expand into new parts of supply or delivery chains to provide a broader array of services. The most obvious example is the merger of Aetna and CVS, a massive deal with significant implications for the healthcare industry as a whole.

Healthcare Industry Risk Profile


“Healthcare” describes a very diverse world of activity, whether from a general risk perspective or within the context of M&A transactions. Risk considerations for pharmacies differ greatly from hospitals, elder care, or pharma, for example. However, several risks are common across a variety of healthcare-related transactions. These risks arise as a result of:

  • The recent shift towards value-based care models versus fee-for-service reimbursement models

  • Constantly evolving state and federal regulatory environments

  • Varying quality of physician care and underlying malpractice issues

  • Inadequate handling of a company’s existing medical malpractice professional liability program

  • Questionable reliability of founder-owned-and-operated business financial metrics

  • Difficulties in complying with state and federal tax codes

  • Inadequate data privacy and protection policies or measures


Some of the above risks are handled by traditional insurances, including:

  • Medicare and Medicaid billing

  • HIPAA compliance and other forms of regulatory compliance

  • Cyber risks

  • Product liability

  • Medical malpractice

  • Managed care


Depending on the specifics of the deal, representations relating to the listed areas above are the representations, that, if breached, could cause massive tangible and intangible losses. As a result, these representations tend to be pretty flat, in that they do not typically include qualifiers. The insurance market for representations and warranties cover was hesitant to provide coverage for many of the above warranties until fairly recently, but the expanding marketplace for the coverage and the large amount of opportunity have combined to make this a much more attractive sector to many of the insurance underwriting markets.

The other warranties mentioned above are often covered, to some degree, by existing insurances, as is discussed later in this article. The existence of such insurance policies and their adequacy will greatly impact the coverage available for those warranties in the representations and warranties policy, which will most likely only respond after any existing policies are exhausted.

Below we discuss the standard insurances common to healthcare and specifically those relating to the above warranties, but first, let’s look at how underwriters will evaluate these risks.

How Underwriters Assess Risk

Underwriters assess all transactions in three ways: (1) they review the actual language of the Sale and Purchase agreement, (2) they evaluate the quality of the due diligence done by the buyer in the M&A transaction and (3) they examine the target’s risk management measures and its insurance program.

Agreement Language

Turning first to the language of the agreement, the insurance underwriter typically asks the following questions:

Loss. How is loss defined? Can the buyer potentially claim a loss in the form of multiples of the purchase price? Does the buyer have the ability to file a claim for consequential damages, or is diminution in value part of the determination?

Materiality Scrape. A materiality scrape is a clause that modifies and/or diminishes the value of representations limited by materiality qualifiers. .” A single scrape clause applies only to whether a breach has occurred. A double scrape clause applies to whether a breach has occurred and to the amount of the breach. Having the scrape makes it easier for the buyer to bring a claim.

Sandbagging Language. Sandbagging language allows a buyer to bring a claim for a breach the buyer may have discovered during due diligence but which the buyer may not have disclosed to the seller.

Knowledge Scrape. Like the materiality scrape, the knowledge scrape modifies or diminishes the value of having representations limited to “as far as the seller is aware.”

Flat/Nuanced Reps. Are the representations flat or nuanced? A flat representation is a direct representation of something that is or something that is not. A nuanced representation can include materiality or knowledge qualifiers or be limited to certain dates.

Industry. Are the representations logical in light of the seller’s or the target’s industry? For example, a smelting operation that has multiple pages of environmental representations makes sense, but a chain of hairdressers with the same set of representations would make underwriters question the reason behind those representations. Similarly, medical malpractice insurance underwriters would expect to see more drilled-down representations on medical malpractice for a hospital or doctors’ group.

From these points in the sale and purchase agreement, the underwriter will gauge how a loss will be calculated by the buyer in the event of a breach.

Quality Diligence

Apart from existing insurance coverages and a strong claims history (i.e., no or few historical claims) a good due diligence process conducted by the buyer in an M&A transaction goes a long way to convince insurance underwriters to cover a particular set of representations and warranties. Coverage for Medicaid and Medicare warranties has become more easily available, for example, due to the proliferation of due diligence firms that are able to do specific diligence in this area. Third-party diligence to cover these kinds of representations is generally necessary, although some underwriters do not always require it. Key questions or deliverables the insurance underwriter would pose include:

Access. How much access did the buyer’s diligence teams get to the target? Knowing that the buyer’s team sat down face-to-face or had multiple calls with the target’s management team, accounting departments, IT, and in-house legal department is more comforting to an underwriter than seeing a set of questions and answers on a Q&A tracker. This information can be discussed on the insurance diligence call when the underwriter will ask a prospective insurance buyer to give a general overview of the buyer’s diligence process.

Quality of Replies. How fulsome were the target’s Q&A replies? The insurance underwriter may ask the buyer about the formal Q&A tracker. It may also ask more generally on the insurance diligence call whether the buyer’s team received comprehensive, detailed responses to its diligence questions or whether the responses were insufficient and difficult to obtain.

Third Parties. Were third parties engaged for the due diligence process or was the process handled internally? When private equity firms were the majority buyers of representations and warranties insurance (“RWI”) this question did not often come up and underwriters were wary of internal diligence, preferring to see third-party reports. Over the recent years underwriters have had more extensive experience underwriting policies based on internally-prepared diligence. This is due to the proliferation of the use of the internal due diligence process by strategic buyers. The key here is for the diligence results and conclusions to be presented to the underwriter in a consolidated written format. The easier the buyer’s presentation of the breadth and depth of the work done as part of the diligence process, the better. A well-presented consolidated written due diligence report may take more time but it is worth the effort. Forcing an underwriter to dig through a stream of emails is not in the best interest of the insured.

Nature of Current Insurance/Claims. What is the nature of the target’s existing insurance coverage and is there any claims history? A robust, in-place Managed Care Errors and Omissions (“E&O”) policy that responds to accusations of mismanagement of client needs and a clean claims history will go a long way towards avoiding any exclusions on the buyer’s RWI policy. This and other coverages may be the buyer’s greatest defense against inherited liability and will form a coverage underpinning for the RWI policy.

Any RWI policy is likely to only respond to a claim after the target’s existing insurance policy responds to it and becomes exhausted by paying out its full limit. It is, therefore, critical for the buyer to understand the nature of the target’s insurance policy that is already in place and that might cover a breach of an important healthcare representation.

As with all insurance policies, the devil is in the details. An example from personal experience involved a target company that had very robust Employment Practices Liability (“EPL”) insurance. However, it had a named exclusion for a specified senior individual who was the most likely candidate to cause an EPL issue. This exclusion effectively rendered the coverage moot in practice.

Target’s Existing Insurances

Apart from due diligence and the structure of the Sale and Purchase agreement, the third way for a buyer, and by extension, the insurance underwriter, to protect itself from financial harm in a healthcare purchase-sale transaction is to thoroughly understand the target’s risk management measures and its insurance program. A knowledgeable insurance broker, who specializes in the healthcare market, can conduct a thorough risk management and insurance due-diligence analysis that can be used to minimize potential risks. The buyer and/or its insurance broker must ensure that the target company has adequate and typical limits and coverage for the traditional areas of insurable risk for its specific industry.

In addition to the standard property and casualty, workers’ compensation, and management liability coverages, the “signature” healthcare risks are as follows:

Healthcare Professional Liability (Med Mal). Virtually synonymous with healthcare insurance, “Med Mal” has always been the point of focus for healthcare providers. However, after almost 14 years of improving loss trends and thus decreasing rates, Med Mal today can be eclipsed by E&O, workers’ compensation, cyber, or regulatory risks (see below) in terms of cost of risk. While there are emerging signs of rates getting higher overall, it remains a good time to be a medical professional liability insurance buyer. Excess capacity remains in the market—with new players entering the market while long-term players reap the benefit of the favorable Med Mal loss trends of the past decade. Many physician carriers are finding that their traditional physician-insured base has moved from independent practices to hospital employment models in which the facility buys the insurance. They are responding by lowering prices and expanding their market focus to try to win new business to replace this lost premium.

However, there is emerging evidence of a gap between current insurance pricing and the “true” cost of risk, as some alarming loss severity trends are beginning to surface. AIG’s recent exit from the Med Mal market, along with some other carriers’ narrowing focus, illustrates that some markets are trying to adjust the balance and make-up of risks on their books. While loss frequency remains flat, loss severity is increasing in most jurisdictions. A common thread in this severity escalation is rising litigation costs. Even costs associated with simply dismissing cases are higher than ever before.

Managed Care E&O (Payors) / Regulatory Compliance and Billing E&O (Providers). The paradox facing providers is that while much of the Affordable Care Act (“ACA”) encourages consolidation and narrow networks to increase operational efficiency, the Department of Justice is vocal about vigorously pursuing antitrust and regulatory actions. This creates the perfect storm for managed care E&O networking risks for payors and regulatory compliance and billing E&O for providers.

For example, accountable care organizations (“ACOs”), “risk sharing” networks of payors and providers, and coordinated care organizations (“CCOs”) as well as their derivative forms of capitated payment were all hallmark changes of ACA legislation. Yet one could argue that their very existence is in conflict with Stark Laws which were intended to prevent inducement or “steering” of patients to specific providers. As systems adapt for survival and increased value for patients, regulators allege violations and the vast majority of these allegations result in Managed Care Organization E&O claims. Thus, the market has responded by tightening terms with regulatory sub-limits, co-insurance, and increased retentions, or all of the above. Similarly, as payment rates for traditional providers are under increasing downward pressure, while the complexity of care and the number of reimbursement codes have increased exponentially, proper medical billing is as much art as it is science. In this environment, honest differences of opinion can quickly spiral into allegations of fraudulent billing (False Claim Act violations).

Cyber. Healthcare now surpasses financial and even information technology industries as the most expensive in terms of network security and data privacy claim costs. Some of the largest and by far the costliest breaches of all time have taken place in the healthcare sector. Kaiser, Dignity, Anthem, UC, Permera, Excellus, and Community Medical Systems breaches affected several million individuals. In fact, there were more healthcare breaches in 2015 than in all prior years combined, and that disturbing rate has not materially dissipated as the sophistication of breaches continues to evolve faster than the security measures can keep up. Furthermore, industry fines and penalties in the healthcare sector vastly eclipse all others, with multiple regulatory bodies claiming jurisdiction over the HIPAA-protected data in the healthcare industry. While there is still $200 million+ of limit per policy available, we are seeing a material variance in pricing and terms. It is tougher than ever to ensure proper coverage for the constantly-changing morass of regulatory bodies at several levels of government rushing to enforce alleged HIPAA and network security violations.

Conclusion

With the multitude of pricing, investor and disclosure concerns, ever evolving regulatory environment and changing market trends it can be daunting for any company to take on a healthcare transaction. However, a right team of legal, financial and insurance advisers who specialize in this increasingly complicated field can make a world of difference between a failed and a successful deal.

Healthcare deals are more insurable than ever before. We are seeing our healthcare clients move into new unfamiliar areas as new, disruptive healthcare insurance models and tech-enabled insurance solutions evolve. For a buyer, understanding the substance of the targets’ existing insurances and how they interact with the RWI policy the buyer may be relying on is vital. A well-executed risk management diligence audit and a properly structured RWI placement are important tools for seizing the opportunities presented by strategic transactions.

Author Information

Emily Maier is a partner and senior vice president, National Group Leader - M&A Insurance at Woodruff Sawyer where she leads the company’s M&A practice. She provides consultation and support to clients seeking to minimize their risks associated with M&A activity, including representations and warranties, tax opinion liability and litigation buy-out coverages.

Chad Follmer is a senior vice president, Healthcare and Life Sciences Practice leader at Woodruff Sawyer where he leads the company’s healthcare practice. His expertise in the healthcare and medical industry includes regulatory risk, data privacy and cyber risks, alternative risk finance structures (captives, RRGs, SIRs and trusts) and risk solutions for ACOs and all forms of coordinate care structures.