How to Structure a Telehealth Company for Maximum Compliance

Telehealth has moved from a pandemic necessity to a permanent feature of the healthcare landscape. But the regulatory framework has not simplified. If anything, the patchwork of state-level rules has grown more complex as states update their telehealth statutes and enforcement agencies catch up with the rapid growth of virtual care companies. Structuring your telehealth company correctly from the outset is the single most important compliance decision you will make.

The MSO-PC Model for Telehealth

The MSO-PC (Management Services Organization -- Professional Corporation) model is the gold standard for structuring telehealth companies, particularly when the founders or investors are not licensed physicians. This model separates the business operations from clinical practice in a way that satisfies corporate practice of medicine laws in virtually every state.

How It Works in a Telehealth Context

In a telehealth MSO-PC structure, the components work as follows:

• The MSO owns and operates the technology platform, handles patient acquisition and marketing, manages billing and revenue cycle, employs non-clinical staff, and holds the intellectual property. The MSO is typically a C-Corp (for venture capital) or an LLC (for bootstrapped companies).
• The PC employs or contracts with licensed clinicians, holds medical licenses and malpractice insurance, maintains clinical protocols and quality standards, and is owned by a licensed physician. Clinical decisions flow exclusively through the PC.
• The MSA (Management Services Agreement) governs the relationship between the two entities, defining which services the MSO provides, how it is compensated, and the PC's retained clinical authority.

For telehealth companies, the MSO typically builds and maintains the telehealth platform, while the PC's clinicians deliver care through that platform. The MSO licenses the technology to the PC under a separate technology license agreement.

Single Entity Risks: Why Direct Practice Is Dangerous

Some telehealth founders, especially physician founders, consider operating through a single entity rather than the MSO-PC model. While this may seem simpler, it introduces significant risks that grow as the company scales.

Risks of the Single Entity Approach

1. Fundraising limitations -- VCs cannot invest directly in a PC in most states because the PC must be owned by a licensed physician. A single-entity structure makes it nearly impossible to raise institutional capital.
2. Multi-state expansion barriers -- A PC formed in one state cannot practice medicine in another state. You would need a separate PC in each state, all owned by the same physician (who must be licensed in every state). The MSO-PC model allows the MSO to expand freely while creating state-specific PCs as needed.
3. Asset protection -- In a single entity, the technology platform, brand, and business assets are all inside the PC, which means they are exposed to malpractice claims. The MSO-PC model protects these assets by keeping them in the MSO, separate from clinical liability.
4. Exit and acquisition challenges -- Acquiring a PC is far more complex than acquiring an MSO because of physician ownership requirements. Most healthcare M&A transactions are structured as MSO acquisitions for this reason.

The single-entity approach may save a few thousand dollars in formation costs, but it creates structural problems that can cost millions to fix later. For any telehealth company with growth ambitions, the MSO-PC model is worth the upfront investment.

Hybrid Structures: When One Model Is Not Enough

Some telehealth companies need hybrid structures that combine elements of different models to address specific business needs. Common hybrid approaches include:

MSO-PC with Multiple State PCs

This is the most common structure for multi-state telehealth companies. A single MSO contracts with multiple PCs, each owned by a physician licensed in that state. The MSO provides uniform management services to all PCs, ensuring consistent operations while maintaining state-specific clinical compliance.

MSO-PC with Independent Contractor Physicians

In this model, the PC contracts with physicians as independent contractors rather than employees. This approach can provide flexibility and reduce overhead, but it requires careful structuring to ensure that the IC relationship is genuine and that the PC maintains appropriate clinical oversight. Misclassification of employees as independent contractors is a significant risk that can trigger both labor law and CPOM issues.

MSO with Mixed Entity Types

In states that do not enforce CPOM (such as Arizona), the MSO may be able to employ physicians directly without a separate PC. A multi-state telehealth company might use PCs in CPOM states and direct employment in non-CPOM states, all managed by the same MSO. This approach reduces entity proliferation but requires careful state-by-state analysis.

Technology Platform Considerations

The telehealth technology platform itself raises compliance considerations that go beyond CPOM:

• HIPAA compliance -- The platform must encrypt PHI in transit and at rest, implement access controls, maintain audit logs, and have a signed BAA with every third-party vendor that touches patient data.
• Clinical decision support -- If the platform uses algorithms to suggest diagnoses or treatments, you must ensure these tools support rather than replace physician judgment. An algorithm that makes clinical decisions is practicing medicine.
• State-specific requirements -- Some states require specific telehealth platform capabilities, such as the ability to document the patient's location at the time of the visit or to provide access to the patient's medical records in real time.
• Accessibility -- ADA compliance requires that your platform be accessible to patients with disabilities, including those who use screen readers or other assistive technologies.

Multi-State Compliance Requirements

A telehealth company's compliance obligations multiply with each new state. For each state of operation, you need:

• A compliant entity structure (PC, PA, or PLLC as required by the state)
• Active medical licenses for all providers seeing patients in that state
• State business registrations and any required telehealth-specific registrations
• DEA and state controlled substance registrations if prescribing
• Insurance credentialing with payors operating in that state
• Compliance with state-specific telehealth informed consent requirements
• Awareness of state-specific prescribing limitations for telehealth encounters

The most successful telehealth companies build compliance into their expansion playbook from the beginning. Rather than treating it as an afterthought, they make regulatory analysis the first step in evaluating any new state.

Structuring a telehealth company is not a one-time decision. It is an evolving architecture that must adapt as you enter new states, add new service lines, and respond to regulatory changes. Building on the MSO-PC foundation, with the flexibility to accommodate hybrid structures and state-specific requirements, gives you the best chance of scaling compliantly and sustainably.