The traditional approach to negotiating representations and warranties (R&W) and allocating risk in mergers and acquisitions is shifting. As the phased implementation of the “One Big Beautiful Bill Act” (OBBBA) begins and scrutiny of artificial intelligence platforms intensifies at both the state and federal levels, the gap between what a seller is willing to represent and what a buyer feels comfortable assuming will continue to widen.
For principals involved in acquiring or divesting healthcare facilities, the standard “compliance with laws” R&W, already exceptionally broad in the healthcare context, is no longer the protection it once was. Historically, R&W insurance provided a path to closing by shifting much of the risk of unknown R&W breaches from the seller to a third-party insurance carrier. With the changing regulatory and technology landscapes, though, the path paved by R&W insurance is shifting as well. Unable to rely on R&W insurance as they once were, buyers must think more carefully about how risk is allocated between them and the seller.
R&W Insurance Is No Longer A Reliable Backstop
Carriers in the R&W insurance market are increasingly hesitant to cover certain liabilities that are growing in prevalence. In response to the changed regulatory landscape, many carriers are carving out “systemic billing and coding practices” and “violations of the OBBBA’s value-based transparency metrics” from their standard policies. They are also hesitant to cover the liabilities of “black-box” diagnostic tools, many of which are supplemented by novel AI programs and algorithms.
When a carrier issues a quote with such exclusions, the burden of indemnity shifts back to the parties to the transaction. This exposure is significant, particularly in healthcare acquisitions involving senior living and skilled nursing facilities, where a single payer audit by the Centers for Medicare or Medicaid Services (CMS) and its Medicare Administrative Contractors (MACs) can produce overpayments and payer clawbacks that exceed standard indemnity caps in purchase agreements.
Where R&W insurance coverage does not adequately cover this exposure, buyers should consider requiring a “Special Indemnity” bucket, a separate escrow specifically earmarked for these excluded risks. Sellers, meanwhile, need to be more conscientious than ever and cognizant of the need for overlap between their technology and compliance departments, both in the lead-up to a transaction and during due diligence.
Clinical AI Introduces a New Category of Risk
The integration of AI documentation and diagnostic tools into the practice of healthcare has introduced a new category of liability, whether the AI is used by individual providers, licensed at the enterprise level, or developed as a proprietary in-house tool. Buyers are no longer simply acquiring software or licenses for the software. They are potentially acquiring “AI algorithms” that may carry embedded risks, including biases, flawed outputs, or fatal “hallucinations”.
During due diligence, buyers should consider reviewing AI tools, usage, and related policies, separate and distinct from the standard technology, data security, and contracts review. When AI use is critical to the seller’s business or the development of proprietary AI tools is identified, purchase agreements should include R&Ws that go beyond the standard intellectual property, technology, and data security-related language to address AI specifically, either within the technology R&Ws or separately.
For example, a sophisticated buy-side legal team should consider requiring specific AI-related representations addressing:
- Algorithmic integrity: AI business products will perform in accordance with specifications after the closing, are free from unintended biases and material defects, and the buyer will obtain sufficient rights to use the AI business products unhindered after the closing.
- Data provenance: Data input in the AI programs was validly collected with appropriate consent and permissions.
- Data security: AI systems meet or exceed applicable cybersecurity and data protection standards.
From a sell-side perspective, representations should push for “Knowledge” and “Materiality” qualifiers to avoid a minor technical glitch from triggering an outsized post-closing indemnity claim. The buyer and seller should carefully craft those definitions in the purchase agreement to appropriately allocate risk.
Where a seller has developed proprietary AI tools, sellers should also be prepared to represent that those tools have undergone independent third-party bias audits and that the data used to train these models was acquired with proper HIPAA-compliant authorizations.
Your Deal Terms Must Evolve
The risks associated with healthcare transactions are evolving faster than the mechanisms traditionally used to manage them. As R&W insurance becomes less reliable for certain regulatory and AI-related exposures, risk is shifting back to the parties and into the deal documents themselves.
Buyers and sellers must account for that shift during diligence and structure their representations, indemnities, and escrows accordingly. Those buyers who fail to adapt risk inheriting liabilities that are no longer insurable, and those sellers who fail to adapt risk losing their payout to post-closing liabilities.
