Healthcare services is one of the most attractive ETA sectors structurally — recurring patient relationships, demographic tailwinds (aging population, mental health demand growth), and significant fragmentation across nearly every sub-sector. It is also the most regulatory-intensive category an ETA operator can enter, with licensure, certificate of need requirements, HIPAA, Medicare and Medicaid billing rules, and corporate practice of medicine restrictions all creating compliance obligations that do not exist in general business services. The searchers who do well in healthcare understand the regulatory layer before they buy; those who discover it post-close pay for the education expensively.
Sub-Sector Analysis: Where ETA Works Best
Veterinary practices are the highest-multiple healthcare sub-sector (median 7.0x–8.0x EBITDA) and among the highest-quality business models in all of small business M&A. Recurring patient relationships (annual wellness visits, preventive care), non-discretionary demand (pets still need care in recessions), very low insurance complexity (most pet care is cash-pay or private pet insurance), and massive PE consolidation activity creating exit options at premium multiples. The downside: valuations have moved sharply upward as consolidators have competed aggressively. Finding a veterinary practice at reasonable multiples requires off-market sourcing and patience.
Behavioral health — outpatient therapy practices, substance use treatment facilities, autism spectrum disorder (ASD) therapy providers — is the highest-growth healthcare sub-sector for ETA. Demand for mental health services structurally exceeds supply; waitlists at well-run practices are measured in months. ASD therapy (Applied Behavior Analysis, or ABA) in particular has been a major area of PE investment due to Medicaid and insurance coverage mandates. Multiples range from 5.5x–7.0x for outpatient practices with strong managed care contracts.
Home health and personal care agencies — businesses that provide skilled nursing, therapy, or non-medical personal care to patients in their homes — are strong ETA targets when structured around private-pay or managed care revenue rather than fee-for-service Medicare/Medicaid. Medicare and Medicaid billing creates reimbursement risk, audit exposure, and compliance overhead that most ETA operators underestimate. Private-pay home care agencies (serving families paying out of pocket for elder care) avoid most of this complexity while serving the same demographic tailwind.
Physical therapy practices trade at 4.5x–5.5x EBITDA with strong recurring patient characteristics (patients typically complete 8–16 sessions over 6–12 weeks, often returning for new episodes of care). Reimbursement is primarily through insurance, which creates billing complexity but also predictability. Regulatory risk is lower than Medicare-heavy sub-sectors.
The Corporate Practice of Medicine Problem
Many states have "corporate practice of medicine" (CPOM) laws that prohibit non-physician entities from employing physicians or controlling clinical decisions. These laws apply in various forms to physicians, dentists, optometrists, and in some states, physical therapists and other licensed professionals. If you are not a licensed healthcare professional and you want to acquire a practice that employs licensed professionals, CPOM laws may require a Management Services Organization (MSO) structure rather than direct ownership.
An MSO structure separates the clinical entity (owned by a licensed professional) from the management entity (owned by you). You own the management company, which provides administrative, operational, and billing services to the clinical entity under a management services agreement. The licensed professional owns the clinical entity but has limited economic participation. This structure is standard in PE-backed healthcare acquisitions and is workable — but it requires healthcare-specific legal counsel and careful structuring.
Confirm CPOM applicability in your target state before signing an LOI for any healthcare practice acquisition. Several states (California, Texas, New York) have strict CPOM rules; others have no restrictions. The cost of getting this wrong — an acquisition structure that must be unwound post-close — is very high.
HIPAA, Billing Compliance, and Medicare/Medicaid Risk
Healthcare businesses handling patient records have HIPAA obligations: privacy policies, security protocols, breach notification procedures, and business associate agreements with every vendor who accesses protected health information. Most small healthcare businesses are HIPAA non-compliant in at least some respect — this is a universal finding in healthcare acquisition diligence. The question is whether the gaps create material liability or are correctable with modest investment.
Medicare and Medicaid billing is a separate and more serious compliance dimension. Both programs can audit historical billing, recoup overpayments retroactively (up to three years under normal audit, ten years for fraud), and exclude providers from the programs — effectively shutting down revenue. If you acquire a business with active Medicare/Medicaid billing and undisclosed billing errors, you inherit that liability in a stock purchase. In an asset purchase you generally do not — but you will need to re-enroll as a new provider, which takes 60–120 days and creates a revenue gap. Plan for this explicitly.
What Healthcare Diligence Requires Beyond the Standard Checklist
Healthcare acquisition diligence should include: a payer mix analysis (what percentage of revenue comes from each insurance type, government program, and private pay — and what the reimbursement trends are for each), a credentialing status review (are all clinical staff credentialed with the payers you need), a certificate of need review (some states require government approval to operate healthcare facilities — confirm the acquired business has the required certificates and that they transfer), and a compliance review by a healthcare attorney covering HIPAA, billing practices, and any open Medicare/Medicaid audits.
Budget $15,000–$35,000 for healthcare-specific legal and compliance diligence on top of standard financial and operational review. It is not optional.