The healthcare regulatory environment is in constant flux, demanding perpetual vigilance from providers and businesses alike. While the expansion of telehealth has revolutionized access to care, it has also ushered in a new era of scrutiny from federal and state authorities. This quarter, we've observed a significant uptick in enforcement actions, coupled with critical clarifications in state-specific regulations, particularly impacting telehealth, medspas, and practices operating across state lines.
For more on this topic, see our analysis: Navigating the Regulatory Gauntlet: Telehealth, CPOM, and Enforcement in 2024.
DOJ Intensifies Enforcement Against Telehealth Fraud and Kickback Schemes
The Department of Justice (DOJ) continues its aggressive pursuit of healthcare fraud, with a pronounced focus on the telehealth sector. This isn't merely a continuation of past efforts; it's an escalation, signaling that federal authorities view the rapid growth of virtual care as a fertile ground for illicit activities. The DOJ's enforcement actions consistently highlight schemes involving billing for medically unnecessary services, services not rendered, or services provided through illegal kickback arrangements. These actions often leverage the False Claims Act (FCA), which carries severe civil penalties, and the Anti-Kickback Statute (AKS), which can lead to criminal charges and exclusion from federal healthcare programs.
For more on this topic, see our analysis: Navigating the Regulatory Gauntlet: Telehealth, CPOM, and Enforcement in 2024.
For instance, recent cases have targeted telehealth companies and affiliated providers for allegedly facilitating the submission of false claims to Medicare and Medicaid for durable medical equipment (DME), genetic testing, and prescription medications that were not medically necessary or were procured through illegal patient recruitment and kickback schemes. While specific dollar amounts and case names are often under seal or part of ongoing investigations, the consistent theme is the aggressive recovery of taxpayer dollars and the prosecution of individuals and entities that compromise patient care for financial gain. The message is clear: any financial relationship with lead generators, laboratories, pharmacies, or other service providers that directly or indirectly induces referrals is a high-risk area. Telehealth brands, medspas, and clinical practices must ensure their compensation arrangements are demonstrably fair market value, commercially reasonable, and devoid of any link to referrals or volume of services.
Navigating Corporate Practice of Medicine (CPOM) Across Diverse State Landscapes
One of the most persistent and complex challenges for multi-state healthcare businesses, particularly telehealth and medspas, remains the Corporate Practice of Medicine (CPOM) doctrine. This quarter has seen further clarification and, in some cases, hardening of stances from state medical boards and attorneys general.
New York's Strict CPOM: A Continued Bellwether
New York stands out with one of the nation's most stringent CPOM doctrines. The state unequivocally prohibits corporations from employing physicians or controlling the practice of medicine. For telehealth companies, medspas, and even dental and chiropractic practices seeking to operate in New York, a meticulously structured Physician-Controlled Management Services Organization (PC-MSO) model is not merely advisable but essential. The New York State Education Department (NYSED) Office of Professional Discipline (OPD) and the Office of the Attorney General are vigilant. Any perceived influence by the MSO over clinical decision-making, patient care protocols, or professional employment decisions can trigger severe penalties, including license revocation and civil monetary penalties. The key takeaway is that the professional entity (PE) must be genuinely physician-owned and physician-controlled, maintaining absolute clinical autonomy, with the MSO's role strictly limited to administrative support. This principle applies equally to emerging sectors like DTC telehealth weight loss brands, where the tension between corporate structure and physician independence is often most acute.
Nevada's Nuanced Approach to CPOM
In contrast to New York, Nevada presents a more flexible, though still regulated, CPOM environment. While generally prohibiting lay corporations from practicing medicine, Nevada's enforcement posture allows for well-structured MSO models, particularly beneficial for telehealth and medspa businesses. However, this flexibility is not a license for permissiveness. The Nevada State Board of Medical Examiners scrutinizes MSO agreements to ensure they clearly delineate boundaries, preserving physician autonomy over clinical judgments, hiring/firing of clinical staff, and fee setting. Any arrangement that dictates patient care or involves improper fee-splitting can be challenged. This distinction underscores the critical need for state-specific legal counsel when structuring multi-state operations.
CPOM and DTC Telehealth Weight Loss Brands
The rise of Direct-to-Consumer (DTC) telehealth weight loss brands has brought CPOM into sharp focus across various states, including California, Texas, Ohio, Illinois, and New Jersey, among others. These platforms face unique challenges in demonstrating physician independence when corporate structures often drive marketing and operational strategies. Regulators are scrutinizing physician employment agreements, revenue-sharing mechanisms, and the degree of corporate influence on treatment protocols. If a platform dictates specific weight loss treatments or formularies without independent physician judgment, it risks violating CPOM. Similarly, revenue models tied directly to prescription volume could be construed as illegal fee-splitting. The message for these brands is clear: robust MSO or PC structures must genuinely preserve physician independence to mitigate severe penalties.
Evolving Telehealth Regulations: From Prescribing to Informed Consent
The post-COVID-19 Public Health Emergency (PHE) era has ushered in a new phase of telehealth regulation, characterized by states solidifying temporary flexibilities into permanent rules, often with new caveats.
State-Specific Telehealth Prescribing and Controlled Substances
Sexual wellness platforms and any telehealth provider considering prescribing controlled substances face a complex and fragmented regulatory landscape. The DEA's Ryan Haight Act generally mandates an in-person evaluation for controlled substance prescribing via telemedicine, with the post-PHE rules still under development. However, states often impose additional restrictions. For example, many states require synchronous audio-visual communication for initial consultations, and some prohibit prescribing Schedule II substances via telehealth without a prior in-person visit. The District of Columbia Board of Pharmacy regulations, for instance, emphasize a proper patient-provider relationship established via telehealth, even for non-controlled substances, and strict adherence to compounding regulations for specialized medications. For medspas, dental practices, and chiropractic offices involved in prescribing, meticulous state-by-state analysis of medical and pharmacy board rules is non-negotiable. This impacts everything from initial patient assessment protocols to the secure electronic transmission of prescriptions and the vetting of partner pharmacies.
Telehealth Informed Consent: A 50-State Challenge
Informed consent for telehealth is not a one-size-fits-all proposition. Across all 50 states and D.C., requirements vary significantly, demanding a highly granular approach from telehealth brands and multi-state practices. Some states mandate specific disclosures regarding technology failures or data privacy in a telehealth context, while others may dictate the method of obtaining consent (e.g., written, electronic, verbal with documentation). Failure to capture these nuances can lead to regulatory penalties and malpractice claims. Practices must implement dynamic consent workflows that adapt to the patient's location and the specific services being rendered. This is particularly relevant for medspas offering virtual consultations that may lead to in-person procedures, or chiropractic offices conducting remote assessments, where the scope and limitations of virtual interaction must be clearly communicated and consented to.
Chiropractic Telehealth: Defining the Virtual Scope
State chiropractic boards are increasingly defining the permissible scope of telehealth for chiropractors. While telehealth offers opportunities for follow-up consultations and lifestyle advice, it generally cannot replace hands-on diagnostic or therapeutic procedures. Many states, including Texas, Florida, and California, often require an initial in-person visit to establish a legitimate patient-practitioner relationship, limiting fully remote care. Chiropractic offices integrating telehealth must develop clear protocols to distinguish between appropriate virtual and in-person services. Telehealth brands offering chiropractic services must be acutely aware of these state-specific limitations to avoid license violations and ensure appropriate patient care.
Supervision and Delegation: A Critical Focus for PAs and ARNPs
The role of Physician Assistants (PAs) and Advanced Registered Nurse Practitioners (ARNPs) in telehealth and medspa settings continues to be a focal point for state regulatory bodies. The Washington State Medical Commission (WMC) and Nursing Care Quality Assurance Commission (NCQAC) have issued clear guidelines emphasizing robust supervision and delegation requirements.
For telehealth brands and medspas operating in Washington, this means that a nominal supervising physician or collaborating ARNP is insufficient. Regulations demand documented processes for ongoing collaboration, review of patient charts, and availability for consultation. This is crucial for aesthetic procedures, where the delegating physician or collaborating ARNP must ensure the PA or ARNP possesses the necessary training and competency for each procedure, including understanding complications and emergency protocols. Medspas must maintain meticulous records of delegation agreements, training, and ongoing supervision. This trend is indicative of a broader regulatory push to ensure patient safety and accountability in models utilizing mid-level providers, requiring comprehensive compliance programs, regular audits, and staff training.
Telehealth Billing and Coding Compliance: The Financial Lifeline
Beyond clinical and structural compliance, the financial integrity of telehealth operations hinges on meticulous billing and coding compliance. Missteps here are not just administrative errors; they are significant risk factors for fraud, waste, and abuse allegations.
For telehealth brands, medspas, dental practices, and chiropractic offices utilizing virtual care, adherence to payer-specific policies for commercial insurance is paramount. This includes understanding covered services, acceptable modalities (audio-only vs. audio-visual), eligible providers, and state-specific parity laws. Accurate use of CPT/HCPCS codes, telehealth modifiers (e.g., -95, -GT, -GQ, -G0), and place of service (POS) codes (e.g., 02 for telehealth provided from a location other than the patient's home, 10 for telehealth provided in the patient's home) is critical. Documentation must comprehensively support billed services, including medical necessity, modality, and patient consent.
For self-pay models, while seemingly simpler, compliance around price transparency is crucial. The No Surprises Act mandates good faith estimates for uninsured and self-pay patients, requiring clear, upfront pricing. Avoiding deceptive marketing and ensuring services are delivered as advertised are essential to prevent consumer complaints and regulatory scrutiny. Practices must implement robust internal controls, staff training, and regular audits to navigate these complexities, especially when operating across multiple states with varying payer rules and regulatory mandates.
What This Means For Your Practice
The current regulatory climate demands a proactive, sophisticated approach to compliance. The days of 'set it and forget it' are long gone. For telehealth founders and operators, brick-and-mortar practices expanding nationally, healthcare compliance officers, medspa, dental, chiropractic, and wellness practice owners, and healthcare investors and advisors, the implications are clear:
- Robust CPOM Structuring: For any multi-state operation, particularly in states like New York, a genuine PC-MSO model is non-negotiable. Ensure your MSO agreements unequivocally preserve physician autonomy and avoid any semblance of corporate control over clinical decisions or illegal fee-splitting. Conduct regular legal audits of your corporate structure and contractual agreements.
- Granular State-Specific Compliance: There is no federal panacea for telehealth. Every state has unique requirements for patient-provider relationships, prescribing (especially controlled substances), informed consent, and scope of practice for various professionals. Your compliance framework must be dynamic, tracking and adapting to these variations across all jurisdictions where you operate and where your patients reside.
- Fortified Fraud & Abuse Prevention: The DOJ's intensified focus on telehealth fraud means your practice must have an ironclad compliance program. This includes rigorous vetting of third-party vendors, ensuring all compensation arrangements are fair market value and commercially reasonable, and conducting regular internal audits of billing, coding, and referral patterns. Train your staff consistently on AKS, FCA, and other relevant regulations.
- Meticulous Documentation and Billing: Ensure your documentation unequivocally supports the medical necessity of services, the modality used, and patient consent. Your billing and coding practices must align perfectly with payer-specific rules, including correct use of CPT/HCPCS codes, modifiers, and POS indicators. For self-pay models, prioritize transparent pricing and adherence to consumer protection laws.
- Ongoing Professional Oversight: If your practice utilizes PAs or ARNPs, particularly in telehealth or medspa settings, ensure your supervision and delegation protocols are robust, documented, and compliant with state board requirements. This includes ongoing collaboration, chart review, and competency verification.
Ignoring these evolving regulatory mandates is no longer an option. The cost of non-compliance—ranging from substantial fines and recoupments to license revocations and criminal charges—far outweighs the investment in a comprehensive, forward-looking compliance strategy. Partner with experts who understand the nuances of this complex landscape to safeguard your operations and ensure sustainable growth.
Further Reading
- Navigating the Regulatory Gauntlet: Telehealth, CPOM, and Enforcement in 2024
- Navigating the Shifting Sands: Critical Regulatory Updates for Telehealth, Medspas, and Clinical Practices
- Navigating the Regulatory Tides: Critical Updates for Telehealth, Medspas, and Clinical Practices
- The Compliance Crucible: Navigating CPOM, Telehealth Prescribing, and DOJ Scrutiny in a Dynamic Regulatory Landscape
