Healthcare Business Models That Require CPOM Compliance

The corporate practice of medicine (CPOM) doctrine prohibits non-physician-owned entities from practicing medicine, employing physicians to practice medicine, or exercising control over clinical decisions. But for healthcare founders, the real question is more practical: does my business model trigger CPOM, and if so, what do I need to do about it?

The answer depends on the nature of your business, the states where you operate, and how your entity interacts with clinical services. Here is a breakdown of common healthcare business models and their CPOM implications.

Telehealth Platforms

Telehealth platforms are among the most common business models that trigger CPOM compliance. If your company provides a technology platform that connects patients with physicians and those physicians deliver clinical care through your platform, you are likely facilitating the practice of medicine.

The key CPOM triggers for telehealth include:

• Employing or contracting physicians: If the telehealth company directly employs physicians or contracts with them as independent contractors to deliver care through its platform, this constitutes the corporate practice of medicine in most CPOM states.
• Setting clinical protocols: If the company dictates clinical workflows, treatment protocols, or prescribing guidelines that physicians must follow, this can be viewed as exercising control over medical judgment.
• Billing for clinical services: If the company bills patients or insurance for clinical services rendered by physicians, this is a hallmark of corporate medical practice.

Nearly every venture-backed telehealth company operating in a CPOM state uses an MSO-PC structure. The MSO owns the technology, handles billing and operations, and contracts with a physician-owned PC that employs the clinicians.

Healthcare Staffing Agencies

Healthcare staffing agencies present a more nuanced CPOM analysis. Companies that provide temporary or contract physicians to healthcare facilities may or may not trigger CPOM depending on the specific arrangement.

Staffing agencies that simply recruit and place physicians, with the hiring facility maintaining the employer relationship and clinical oversight, generally do not trigger CPOM. However, agencies that directly employ physicians, control their scheduling and assignments, bill for their services, or set their compensation based on clinical productivity may cross into CPOM territory.

The distinction often comes down to who exercises control over the physician's clinical practice. If the staffing agency controls scheduling, productivity expectations, and the patient relationship, it looks more like a corporate medical practice than a staffing service.

Multi-Location Clinic Chains

Clinic chains operated by non-physician entrepreneurs are a classic CPOM scenario. Whether it is an urgent care chain, a primary care network, or a specialty clinic group, a non-physician-owned corporation cannot directly own and operate medical practices in CPOM states.

The standard solution is the MSO-PC model:

1. The entrepreneur forms an MSO that owns the real estate, equipment, technology, and non-clinical staff.
2. A physician forms and owns a professional corporation in each state where clinics operate.
3. The MSO provides management services to the PC under a management services agreement.
4. The PC employs the physicians and mid-level providers who deliver clinical care.

This structure allows the non-physician founder to control the business operations while keeping clinical practice within a physician-owned entity.

Digital Therapeutics Companies

Digital therapeutics (DTx) sit at an interesting intersection of technology and medicine. Whether a DTx company triggers CPOM depends largely on the nature of its product and how physicians are involved.

• FDA-cleared DTx products that are prescribed by a physician but do not involve ongoing physician-patient interaction through the platform may not trigger CPOM, as the technology itself is functioning as a medical device rather than a conduit for medical practice.
• DTx platforms that include physician consultations, treatment adjustments, or clinical monitoring as part of the product experience are more likely to trigger CPOM, especially if the company employs or contracts with those physicians.
• Wellness and coaching platforms that do not involve the practice of medicine, even if they are health-related, generally do not trigger CPOM.

Models That Generally Do Not Trigger CPOM

Not every healthcare-adjacent business needs to worry about CPOM. Several common models fall outside the doctrine's reach:

• Pure technology platforms: Companies that provide software tools to healthcare providers without employing physicians or billing for clinical services, such as EHR companies, practice management software vendors, or health data analytics platforms.
• Medical device companies: Manufacturers and distributors of medical devices do not practice medicine, even if their products are used in clinical settings.
• Health and wellness companies: Businesses offering fitness, nutrition, meditation, or general wellness services that do not constitute the practice of medicine.
• Administrative services: Companies providing billing, coding, credentialing, or other administrative services to physician practices without controlling clinical decisions.

The line between triggering and not triggering CPOM is not always clear. Business models evolve, and a company that starts as a pure technology platform may gradually add clinical services that bring it into CPOM territory. Regular compliance reviews are essential.

State-by-State Variation

It is important to remember that CPOM is not a federal law. It is a state-level doctrine, and not every state enforces it. States like California, New York, Texas, and Illinois have strong CPOM restrictions, while states like Florida and Arizona have more permissive frameworks.

For multi-state operations, you need to analyze your CPOM obligations in every state where you operate. A business model that works without an MSO-PC structure in one state may require full structural compliance in another. The safest approach for growth-stage companies is to build an MSO-PC structure from the start, even if your initial state does not require it, so you are ready to expand into CPOM states without restructuring.