Why Pharmacy M&A Due Diligence Prevents Dea Penalties

Earnouts tie a portion of purchase price to post-closing financial performance, commonly structured as a percentage of revenue or EBITDA over 12 to 36 months. Healthcare providers must ensure that earnout calculations exclude extraordinary items (one-time litigation settlements, insurance recoveries, or major customer losses unrelated to operational performance), that the buyer has sole discretion over operational decisions affecting earnout metrics, and that earnout disputes are resolved through independent accounting review rather than litigation. Deal documents should specify which party bears the risk of reimbursement rate cuts, insurance claim denials, and customer departures due to market conditions versus operational failure. When earnout language is vague, courts in New York and other jurisdictions have allowed sellers to claim earnout payments even when the buyer's own decisions (such as raising prices or reducing staff) caused the shortfall, creating years of post-closing conflict.

Pharmacy profitability depends heavily on insurance reimbursement rates and customer mix; a single large customer contract or a shift in Medicaid reimbursement can swing EBITDA by 20 percent or more. Healthcare providers should require detailed customer concentration analysis showing the top 10 customers, their contract terms, renewal dates, and any termination-for-convenience clauses. If the target pharmacy derives more than 25 percent of revenue from a single customer or payer, the purchase agreement should include customer consent provisions, non-solicitation covenants, and holdback or escrow arrangements to cover customer losses in the first 12 months post-closing. Valuations based on historical EBITDA without adjustment for known reimbursement pressure or customer concentration risk often prove unrealistic.

Request from the seller a complete disclosure of any FDA warning letters, state pharmacy board disciplinary actions, DEA diversion investigations, CMS audits, or state attorney general inquiries in the past five years. Many sellers downplay or omit these disclosures, hoping the buyer will not discover them until after closing. Healthcare providers should conduct independent verification by filing FOIA requests with the DEA and FDA, reviewing state pharmacy board public records, and checking the OIG exclusion list to confirm that no pharmacists, owners, or key personnel are barred from federal healthcare programs. If the target pharmacy has a history of controlled substance diversion, compounding violations, or billing fraud, the buyer may inherit criminal and civil liability, loss of DEA registration, and exclusion from Medicare and Medicaid. A single serious compliance violation can reduce the value of a pharmacy by 40 to 60 percent or render it unsellable.

Pharmacy patient records contain protected health information under HIPAA; the purchase agreement must specify how records will be transferred, stored, and maintained, and who bears liability for any breach or unauthorized access during transition. Healthcare providers should require the seller to conduct a HIPAA compliance audit before closing, to certify that all patient records are properly secured, and to maintain cyber liability insurance through the transition period. If patient data is lost or compromised during the acquisition process, both the seller and buyer may face OCR enforcement, state attorney general investigations, and private litigation from affected patients.