Introduction
Healthcare companies operate within a compliance framework that has no parallel in other industries. Three federal statutes constrain how healthcare companies structure business relationships, compensate physicians, and bill government programs. For healthcare bankers, these laws are not abstract legal concepts. They create material liability exposure in M&A transactions, require specialized due diligence beyond standard financial analysis, and directly affect how deals are structured, particularly in healthcare services where physician employment and referral relationships are central to the business model.
This article covers the three core compliance laws, what they prohibit, and why they matter for deal analysis.
The Stark Law: Physician Self-Referral Prohibition
The Stark Law (formally the Physician Self-Referral Law, 42 U.S.C. 1395nn) prohibits physicians from referring Medicare or Medicaid patients for "designated health services" (DHS) to entities with which the physician (or an immediate family member) has a financial relationship, unless a specific exception applies.
- Designated Health Services (DHS)
The categories of services covered by the Stark Law's self-referral prohibition. DHS includes clinical laboratory services, physical therapy, occupational therapy, radiology and imaging, radiation therapy, durable medical equipment, home health services, outpatient prescription drugs, and inpatient/outpatient hospital services. Essentially, if a physician refers a Medicare patient for any of these services to an entity the physician has a financial interest in, the Stark Law applies.
The key features of the Stark Law that matter for banking:
- Strict liability. Unlike most laws, Stark does not require intent. If the technical elements are violated, liability attaches regardless of whether anyone intended to do anything wrong. An inadvertent violation (failing to meet every requirement of an exception) creates the same legal exposure as a deliberate scheme
- Exception-based structure. Nearly every physician-entity financial relationship in healthcare would violate Stark without exceptions. The law provides roughly 35 exceptions (fair market value compensation, employment relationships, in-office ancillary services, rental arrangements, etc.) that allow legitimate business relationships to proceed. But each exception has detailed technical requirements that must be meticulously documented
- Penalties. Violations trigger denial of payment, refund obligations, civil monetary penalties of up to $15,000 per service, and potential exclusion from federal healthcare programs
The Anti-Kickback Statute: Paying for Referrals
The Anti-Kickback Statute (AKS, 42 U.S.C. 1320a-7b) makes it a federal crime to knowingly and willfully offer, pay, solicit, or receive anything of value to induce or reward referrals of patients covered by federal healthcare programs.
Where Stark is narrow (only physicians, only DHS, only Medicare/Medicaid), the AKS is broad: it applies to anyone (physicians, hospitals, device companies, pharma reps, management companies), covers any federal healthcare program, and prohibits any form of remuneration (cash, gifts, free services, below-market rent, lavish dinners, consulting fees) that is intended to influence referrals.
- Safe Harbors
Regulatory provisions that protect specific payment arrangements from Anti-Kickback prosecution if all conditions are met. Key safe harbors include: fair market value personal services agreements, employment relationships, bona fide discounts, investment interests in large entities, and management contracts. Like Stark exceptions, safe harbors have detailed technical requirements. An arrangement that mostly fits a safe harbor but misses one element is not protected.
The AKS differs from Stark in several ways that matter for deal analysis:
- Intent required. AKS requires "knowing and willful" conduct, unlike Stark's strict liability. But the bar for proving intent has been lowered over time; courts have held that if "one purpose" of a payment is to induce referrals, the AKS is violated, even if there are other legitimate purposes
- Criminal penalties. AKS violations are felonies punishable by up to $100,000 per violation and up to 10 years imprisonment. The criminal dimension makes AKS exposure more severe than Stark in high-profile enforcement cases
- Broad application. AKS applies to pharma company speaker programs, device company consulting arrangements, hospital joint ventures, management service agreements, and virtually any business relationship where money changes hands and referrals exist
The False Claims Act: The Enforcement Hammer
The False Claims Act (FCA, 31 U.S.C. 3729-3733) is the federal government's primary tool for combating healthcare fraud. It imposes liability on anyone who knowingly submits (or causes the submission of) false or fraudulent claims for payment to the government.
The FCA is the enforcement mechanism that gives Stark and AKS their teeth. When a Stark violation or AKS violation leads to claims being submitted to Medicare or Medicaid, each such claim becomes a potential False Claims Act violation. The math escalates quickly:
- Treble damages. The FCA imposes damages of three times the amount of the false claim
- Per-claim penalties. Civil penalties per false claim currently range from roughly $13,000 to $27,000 per violation
- Qui tam provisions. The FCA allows private individuals (whistleblowers, called "relators") to file lawsuits on behalf of the government. Relators receive 15-30% of any recovery, creating a powerful financial incentive for current and former employees to report compliance violations
The FCA is the most financially significant healthcare compliance law. The Department of Justice has recovered over $75 billion in FCA settlements and judgments since 1986, with healthcare consistently accounting for the majority of recoveries. Major settlements regularly exceed $500 million, and several have topped $1 billion.
How Compliance Laws Affect Deal Structures
These three laws collectively shape healthcare M&A in several concrete ways:
Due diligence scope. Healthcare acquisitions require compliance-specific due diligence that goes beyond financial and operational analysis. This includes reviewing billing patterns, physician compensation arrangements, referral relationships, government audit history, and internal compliance program effectiveness. In healthcare services transactions, compliance due diligence can take as long as financial due diligence.
Purchase agreement provisions. Healthcare M&A agreements include specialized representations and warranties around regulatory compliance, government program participation, billing practices, and physician relationships. Indemnification provisions for compliance-related losses typically have longer survival periods (3-6 years or indefinite) than standard representations (12-18 months).
Valuation impact. Known compliance issues directly reduce enterprise value through expected settlement costs, remediation expenses, and the risk of program exclusion. Unknown compliance risk is reflected in higher buyer discount rates and wider bid-ask spreads.
| Compliance Law | Scope | Intent Required | Key Penalty | Due Diligence Focus |
|---|---|---|---|---|
| Stark Law | Physician referrals for DHS | No (strict liability) | Refunds + $15K/service + exclusion | Physician compensation, leases, ancillary services |
| Anti-Kickback Statute | Any payment inducing referrals | Yes (but "one purpose" test) | Felony + $100K/violation + 10 years | Speaker programs, consulting fees, compensation structure |
| False Claims Act | False claims to government programs | "Knowing" (includes reckless disregard) | Treble damages + $13-27K/claim | Billing patterns, coding accuracy, qui tam history |
Beyond these US-specific compliance laws, healthcare companies also face political and legislative risk from policy changes that can reshape the competitive landscape, from drug pricing reform to CMS reimbursement rule changes.
Free Interview PDF Guide