The Unseen Hand: Navigating Corporate Practice of Medicine (CPOM) in a Multi-State Telehealth Landscape

The rapid acceleration of telehealth has undeniably revolutionized healthcare access, but it has also brought into sharp focus an enduring regulatory challenge: the Corporate Practice of Medicine (CPOM) doctrine. Often perceived as an arcane legal concept, CPOM is, in fact, a vibrant and actively enforced regulatory framework that dictates who can own, operate, and control medical practices. For telehealth founders, multi-state practice owners, medspas, and investors, understanding and meticulously navigating CPOM is not merely advisable; it is existential for sustainable growth in 2025-2026 and beyond.

For more on this topic, see our analysis: The MSO Tightrope: Navigating CPOM Compliance Across Diverse State Landscapes in 2025-2026.

At its core, CPOM prohibits corporations, or any non-physician entities, from employing physicians or otherwise controlling the delivery of medical services. The intent is to safeguard physician autonomy, prevent the commercialization of medicine, and ensure clinical decisions are made solely in the patient's best interest, free from corporate influence or profit motives. However, the application and enforcement of CPOM vary dramatically across states, creating a complex, fragmented regulatory environment that demands a sophisticated, state-by-state compliance strategy.

For more on this topic, see our analysis: The MSO Tightrope: Navigating CPOM Compliance Across Diverse State Landscapes in 2025-2026.

The Evolving CPOM Landscape: A State-by-State Minefield

While the underlying principle of CPOM is consistent, its practical implications are anything but. States fall generally into three categories:

1. Strict CPOM States: These states rigorously enforce the doctrine, often prohibiting any corporate ownership or control over medical practices. New York, California, Texas, and Ohio are prime examples. In these jurisdictions, even subtle forms of corporate influence can trigger severe penalties.
2. Moderate CPOM States: These states have CPOM doctrines but often allow for certain exceptions or have a more flexible enforcement posture, particularly regarding Management Services Organization (MSO) models. Nevada is a notable example, where MSOs are common but require careful structuring to maintain physician autonomy.
3. No CPOM States: A minority of states have either never adopted CPOM or have significantly repealed it, allowing corporations to directly employ physicians. However, even in these states, other regulations (e.g., fee-splitting prohibitions, anti-kickback laws) still apply.

This patchwork creates significant challenges for any healthcare entity operating or expanding across state lines, particularly for telehealth platforms that inherently transcend geographical boundaries. The notion of a 'one-size-fits-all' business model is a recipe for regulatory disaster.

New York: The Gold Standard of Strict Enforcement

New York stands out as one of the nation's most stringent CPOM states. The New York State Education Department (NYSED) Office of Professional Discipline (OPD) actively scrutinizes arrangements that appear to grant non-physician entities control over medical decisions or revenue. As highlighted in recent intelligence, "New York's stringent Corporate Practice of Medicine (CPOM) doctrine presents significant challenges for telehealth companies... prohibiting against corporate entities practicing medicine or employing licensed professionals to deliver clinical services." (Regulatory Intelligence #4)

For telehealth companies, medspas, and other healthcare businesses in New York, the only viable path to compliance is through a Physician-Controlled Management Services Organization (PC-MSO) structure. This model mandates that the professional entity (PE) providing clinical services must be genuinely owned and controlled by licensed New York physicians. The MSO's role is strictly limited to administrative, non-clinical support. Any perceived influence over clinical matters – from dictating treatment protocols to controlling physician employment decisions – can lead to investigations, license revocations, civil monetary penalties, and even criminal charges.

Key Takeaways for New York:

• Physician Control is Paramount: The PE must retain absolute clinical autonomy.
• MSA Scrutiny: Management Services Agreements (MSAs) must meticulously delineate responsibilities, ensuring the MSO provides only non-clinical support.
• Fair Market Value: All financial arrangements, including MSO fees, must be at fair market value and not tied to patient volume or revenue in a way that suggests illegal fee-splitting.

California & Texas: High Stakes, Active Enforcement

California and Texas are also known for their robust CPOM enforcement. California's Medical Board and the Attorney General's office have historically taken aggressive stances against arrangements that circumvent CPOM. Similarly, Texas maintains a strict interpretation, with the Texas Medical Board actively investigating non-compliant structures.

For DTC telehealth weight loss brands and similar direct-to-consumer models, these states pose particular risks. The intelligence notes, "The core challenge lies in the tension between the corporate structure of a DTC platform and the requirement for physician autonomy." (Regulatory Intelligence #5) This means that even if physicians are contractors, the degree of corporate influence on treatment protocols, formularies, or revenue-sharing models can be construed as illegal control or fee-splitting.

Key Takeaways for California & Texas:

• Beyond Employment: CPOM extends beyond direct employment to any arrangement where a non-physician entity exercises control over clinical decisions.
• Fee-Splitting Risk: Revenue-sharing models must be carefully vetted to avoid illegal fee-splitting, which is often intertwined with CPOM violations.
• DTC Scrutiny: Brands offering services like weight loss, mental health, or sexual health are under increased scrutiny due to the direct patient interaction and potential for corporate influence on prescribing or treatment plans.

Nevada: Flexibility, But Not Permissiveness

Nevada presents a more nuanced picture. While it maintains a CPOM doctrine, its enforcement is often considered more flexible, allowing for well-structured MSO models. "This flexibility, however, does not equate to an absence of regulation; rather, it necessitates a carefully structured operational model." (Regulatory Intelligence #1)

For telehealth and medspa businesses, Nevada's approach allows for MSO structures where the MSO provides administrative services to a physician-owned professional corporation. However, the critical caveat is that the MSO must not control clinical decision-making, physician employment, or engage in fee-splitting. The Nevada State Board of Medical Examiners will still challenge arrangements that appear to dictate patient care or improperly share professional fees.

Key Takeaways for Nevada:

• MSO Viability: MSO models are generally permissible but require meticulous drafting.
• Clear Boundaries: Agreements must explicitly state the PC retains full control over medical judgments, hiring clinical staff, and setting professional fees.
• Not a Free Pass: Flexibility does not mean laxity; robust legal counsel is still essential.

The PC-MSO Model: Your Primary Defense Strategy

Given the varied and often strict enforcement of CPOM, the Physician-Controlled Management Services Organization (PC-MSO) model has emerged as the industry standard for compliant multi-state operations. This structure legally separates the clinical delivery of healthcare from the administrative and business functions.

How it Works:

1. Professional Entity (PE): This is the clinical practice, owned entirely by licensed physicians (or other licensed professionals like dentists or chiropractors, depending on the service and state law). The PE employs or contracts with the healthcare providers who deliver direct patient care. The PE holds all necessary licenses and permits for clinical operations.
2. Management Services Organization (MSO): This is a non-physician-owned entity that provides administrative, non-clinical services to the PE. These services typically include billing, coding, marketing, IT, human resources (for administrative staff), real estate, equipment, and other business support.
3. Management Services Agreement (MSA): This is the legally binding contract between the PE and the MSO, meticulously defining the scope of services, compensation structure, and, crucially, explicitly affirming the PE's sole control over all clinical matters.

Critical Elements of a Compliant PC-MSO:

• Clinical Autonomy: The PE must retain absolute and unequivocal control over all aspects of clinical care, including hiring/firing clinical staff, setting treatment protocols, making diagnoses, and determining fees for professional services.
• Fair Market Value (FMV): The MSO's compensation from the PE must be at FMV for the services rendered. It cannot be tied to patient volume, revenue, or profits in a way that could be construed as illegal fee-splitting or an inducement for referrals. This is a highly scrutinized area.
• No Control Over Referrals: The MSO cannot direct or influence patient referrals to specific providers or facilities.
• Separate Identities: While they work together, the PE and MSO must maintain distinct legal and operational identities.
• Documentation: All agreements, policies, and operational procedures must clearly reflect the separation of clinical and administrative functions and the PE's clinical control.

Beyond CPOM: Intersecting Regulatory Risks

Navigating CPOM is complex enough, but it rarely exists in a vacuum. Other critical regulatory frameworks intersect with and amplify CPOM risks, particularly for multi-state telehealth operations:

1. Anti-Kickback Statute (AKS) and Stark Law

The Anti-Kickback Statute (AKS) prohibits offering, paying, soliciting, or receiving anything of value to induce or reward referrals for items or services reimbursable by federal healthcare programs. The Stark Law prohibits physicians from referring Medicare or Medicaid patients for certain designated health services to entities with which they or their immediate family members have a financial relationship.

CPOM-compliant MSO arrangements must also adhere to AKS and Stark Law. For example, if an MSO's compensation structure is not at FMV, it could be construed as an illegal kickback. "The DOJ is particularly vigilant about arrangements that incentivize referrals through illegal kickbacks, often disguised as marketing fees, administrative services, or consulting agreements." (Regulatory Intelligence #10) This is especially relevant for telehealth brands working with lead generators, pharmacies, or labs.

2. State Fee-Splitting Prohibitions

Many states have specific prohibitions against fee-splitting, which is the practice of sharing professional fees with unlicensed individuals or entities. This often overlaps significantly with CPOM. An MSO agreement that gives the MSO a percentage of the professional fees collected by the PE, rather than a fixed fee or FMV rate for services, is a common target for fee-splitting allegations.

3. Telehealth-Specific Regulations

Each state's medical board, pharmacy board, and other licensing bodies have specific rules governing telehealth. These include requirements for:

• Establishment of Patient-Provider Relationship: Some states require an initial in-person exam, while others permit telehealth-only. "The primary challenge lies in the lack of a uniform federal standard for the establishment of a patient-provider relationship via telehealth." (Regulatory Intelligence #2)
• Informed Consent: "Telehealth informed consent is complex, with no single federal standard." (Regulatory Intelligence #7) Requirements vary significantly by state, including specific disclosures about technology failures or data privacy.
• Prescribing: Especially for controlled substances, state medical boards and pharmacy boards have strict rules. The DEA's proposed rules post-PHE add another layer of complexity. "State medical boards often have their own interpretations and additional restrictions on top of federal law." (Regulatory Intelligence #2)
• Supervision and Delegation: For PAs and NPs, states like Washington have specific requirements for ongoing collaboration and oversight, critical for both telehealth and medspa settings. (Regulatory Intelligence #6)

Failure to comply with these telehealth-specific regulations, even within a CPOM-compliant structure, can lead to separate enforcement actions.

What This Means For Your Practice: Actionable Compliance Strategies

For telehealth founders, multi-state practice owners, medspas, and investors, the complexity of CPOM and its intersecting regulations demands a proactive, robust compliance framework. Here are actionable strategies for 2025-2026:

1. Conduct a Comprehensive State-by-State CPOM Analysis: Before expanding into any new state, or if you're already operating multi-state, undertake a thorough legal analysis of that state's CPOM doctrine, including its specific exceptions, enforcement history, and relevant professional board interpretations. This is not a one-time exercise; regulations evolve.

2. Meticulously Structure PC-MSO Agreements: If an MSO model is chosen, ensure the Management Services Agreement (MSA) is drafted by experienced healthcare counsel. Key provisions to scrutinize include:

   • Clear Delineation of Services: Explicitly list only administrative, non-clinical services provided by the MSO.
   • Physician Autonomy Clause: Include strong language affirming the PE's sole control over all clinical decisions, hiring/firing of clinical staff, and professional fee setting.
   • FMV Compensation: Ensure MSO fees are fixed, per-service, or based on other metrics that reflect fair market value for administrative services, not a percentage of clinical revenue.
   • Term and Termination: Define clear terms and termination rights that protect physician independence.

3. Implement Robust Internal Controls and Training:

   • Policies and Procedures: Develop clear, written policies that reinforce the separation of clinical and administrative functions.
   • Staff Training: Regularly train both clinical and administrative staff on CPOM principles, their roles, and the importance of maintaining physician autonomy.
   • Documentation: Maintain meticulous records of all agreements, board minutes for the PE, and evidence of clinical decision-making residing solely with the licensed professionals.

4. Audit Operational Workflows: Regularly audit your day-to-day operations to ensure they align with your legal structure. Does your marketing material imply corporate control over medical outcomes? Are clinical protocols being dictated by non-clinical staff? Are HR functions for clinical staff handled by the PE?

5. Vetting Third-Party Vendors: Any partnerships with lead generators, marketing firms, pharmacies, or other service providers must be vetted for AKS, Stark, and fee-splitting compliance. Ensure all compensation is at FMV and does not induce referrals.

6. Stay Abreast of Regulatory Changes: The telehealth landscape is dynamic. Regularly monitor legislative changes, professional board rulings, and enforcement actions in all states where you operate. Partner with a compliance infrastructure provider like TrueEval to receive real-time intelligence.

Looking Ahead: The Future of CPOM and Telehealth

The tension between innovative healthcare delivery models and the foundational principles of CPOM is unlikely to dissipate. As technology advances and consumer demand for convenient care grows, state regulators will continue to refine their interpretations and enforcement strategies. We anticipate:

• Continued Scrutiny of DTC Models: Direct-to-consumer telehealth platforms, especially those offering services like weight loss, mental health, and sexual health, will remain high-priority targets for enforcement due to their scale and potential for corporate influence over prescribing and treatment.
• Increased Focus on AI-Powered Platforms: The integration of AI into clinical decision support and patient management will introduce new CPOM questions regarding who controls the 'practice of medicine' when algorithms are involved. This will necessitate clear guidelines on AI's role and physician oversight.
• Harmonization, But Slowly: While a federal CPOM standard is unlikely, there may be incremental movements towards greater clarity or uniformity in specific areas, driven by interstate compacts or federal guidance on telehealth.
• Investor Due Diligence: Investors in healthcare ventures will increasingly demand robust CPOM compliance frameworks as a non-negotiable aspect of due diligence, recognizing the significant legal and financial risks of non-compliance.

Successfully navigating the multi-state CPOM landscape requires more than just legal documents; it demands a deeply embedded culture of compliance that prioritizes physician autonomy and ethical patient care. By understanding the nuances, implementing rigorous structures, and continuously monitoring the evolving regulatory environment, healthcare businesses can build resilient, compliant operations that thrive in the future of healthcare delivery.

---

Further Reading

• The MSO Tightrope: Navigating CPOM Compliance Across Diverse State Landscapes in 2025-2026
• The Shifting Sands of Telehealth Controlled Substance Prescribing: Navigating DEA and State Requirements in 2025-2026
• Navigating the Minefield: Corporate Practice of Medicine and the MSO Model in 2025-2026
• Navigating the Regulatory Gauntlet: CPOM, Telehealth Prescribing, and Enforcement in 2024