The Corporate Practice of Medicine: A Board-Level Risk You Can’t Ignore

The Foundational Risk — A Historical Context

Let’s first take a step back and examine why the Corporate Practice of Medicine has been vital to advancing healthcare. In the early 1900s, the CPOM doctrine was established to ascertain that every medical practice was qualified to do so, making a license mandatory. At its core, it helps prevent the clear public safety risk of seeking financial benefit over patient care decisions.

The American Medical Association (AMA) and the Federal Trade Commission (FTC) disagree on the value of CPOM—the former advocates for it while the latter says it violates antitrust laws, creating a divide among professional organizations and state regulations. What’s true is that its enforcement has allowed physicians to maintain professional independence without reliance on corporate interests, establishing an inherent form of risk control that reduces the potential for negligence or malpractice claims.

Ultimately, by safeguarding the physician-patient relationship, the Corporate Practice of Medicine doctrine also benefits health systems and corporations through risk reduction, which directly reflects on the lower likelihood of costly legal action and regulatory fines.

Corporate Medicine Practice Exceptions

It’s not all black and white when it comes to Corporate Practice of Medicine. There are certain businesses that, when playing their cards right, are allowed to responsibly mix the medical field with certain corporate involvement—caution must still be taken to avoid unlicensed individuals from providing medical services at all costs.

• Management Services Organizations (MSOs): By establishing an MSO, business leaders are communicating that there’s a clear boundary between the admin and management side of things, allowing physicians to carry out their medical practices without corporate disruption.
• Professional Corporations (PCs) and Professional Associations (PAs): These businesses are established by a group of physicians that operate within a corporate setting while maintaining full control of clinical decisions.
• Hospital employment: Although hospitals are technically companies, some states authorize these organizations to directly hire physicians, provided they’re allowed to maintain full control of the medical services they deliver.

However, it is vital to understand that the distinct separation between MSOs and PCs/PAs is structured primarily to ensure compliance with CPOM laws. While CPOM restrictions prohibit shared ownership between these two entities, their operations are legally intertwined through an MSA. This binding contract ensures that the MSO provides the necessary administrative and non-clinical support to the PC/PA. For insurance purposes, the two entities effectively operate as one; therefore, specialists often recommend writing policies in the name of both the MSO and PC/PA to ensure comprehensive coverage.

Identifying Your Exposure: State-Specific Risk Factors

Corporate Practice of Medicine compliance is, like many state-sanctioned regulations, not very straightforward to follow due to its geographic risk. Because each state has its own take on the doctrine, multi-state healthcare organizations and medical practices have to be extra careful to comply in every territory; what is allowed in one state might be a felony in another.

State-Specific CPOM Laws Overview

Here are some states where Corporate Practice of Medicine is especially stringent, affecting various healthcare providers requiring major legal oversight in healthcare:

• California: This state is quite strict with its CPOM laws, if not the strictest. For instance, it prohibits most non-physician entities from employing doctors, so there must be clear lines between the organization’s purpose (and its funding sources), the management team, and the licensed physicians. To illustrate, a recent lawsuit from Eli Lilly could make CPOM regulations in the state even more rigid for MSOs and PCs providing telemedicine patient care.
• Texas: Texas’s CPOM law enforcement is similar to California’s, barring non-physician businesses from hiring doctors and providing medical services.
• Oregon: Oregon recently passed Senate Bill 951, which enforces strict CPOM laws akin to California’s. This came after Optum, a UnitedHealth Group company, purchased the Oregon Medical Group in 2020, leading to several hospital closures that deeply impacted areas like Eugene, which saw its only hospital close in 2023. The bill aims to “improve healthcare access, affordability, and quality by empowering physicians and protecting patient-focused care.”

On the other hand, these are some states where CPOM enforcement is rather weak:

• Florida: This state’s approach is much more lenient, allowing for more corporate influence on physician hires.
• Alabama: Alabama’s Corporate Practice of Medicine doctrine is barely enforced, letting corporations have heavier involvement in the medical field.

The Corporate Medicine Practice Red Flags

So far, it just sounds like healthcare organizations must comply with a few laws and avoid intervening in medical services decisions. But it doesn’t stop there. The complicated part is that non-compliance is often triggered by common business practices, such as fee-splitting arrangements, an MSO controlling a practice’s clinical decisions, or a non-physician having an ownership stake in the professional entity. To guarantee full regulatory adherence, healthcare organizations rely on expert legal counsel with specialization in healthcare compliance.

In the end, the risk is in the nuance of everyday decisions related to unlicensed or uncompliant entities that might snowball into regulatory consequences.

The New Frontier of Risk: Telemedicine and Remote Care

Telemedicine has completely transformed the scope of medicine and its benefits for public health. Thanks to it, people with mobility issues and those in rural areas can get easier access to quality care with just a device and internet connectivity. Its advantages are so undeniable that 62% of C-suite executives polled by Deloitte are preparing their organizations to invest in virtual care delivery capabilities.

However, telemedicine’s interconnected nature means a doctor in Florida can care for a patient in California—CPOM laws in both states vastly differ, making this exchange a tangled regulatory mess that requires major legal and risk management considerations before taking place.

As a result, healthcare organizations providing telemedicine solutions must implement a robust, multi-state compliance program and ensure all agreements and workflows are in line with every applicable Corporate Practice of Medicine state doctrine. In fact, PCs are often created in specific states for this purpose.

The serious implications of non-compliance in medical services have also meant that insurers are monitoring this situation under a magnifying glass, scrutinizing the telemedicine business model. The price to pay for being non-compliant is high, leading medical practices to become uninsurable or face significantly higher professional liability premiums due to their elevated risk profile.

The Financial and Reputational Catastrophe of Non-Compliance

Operating within states with heavily enforced CPOM laws might feel like walking on a tight rope if organizations don’t implement proper risk management strategies right off the bat. For example, the IV clinic boom in states like Ohio is wreaking compliance havoc due to loose operations involving prescriptions from unlicensed physicians, such as nurses and paramedics. Medical regulators are already on the lookout for the 201 established clinics in the state.

These kinds of novel non-compliant cases can have a deep impact on every aspect of the business, affecting physician organizations and leading to loss of insurability and reputational damage.

The Legal and Insurance Implications

Healthcare organizations that fail to comply with CPOM laws could even go as far as immediately losing their professional liability insurance policies or face non-renewal.

In today’s heavily regulated medical services sector, operating without proper insurance means dealing with unwanted risk at close range. In the event of a legal claim, covering fees and settlements out of pocket could drain businesses and hinder their ability to operate in the future.

Additionally, fines for unlicensed practice of medicine can be severe, in some cases reaching into the millions of dollars—these costs are often not covered by a standard insurance policy.

A Corporate Practice of Medicine violation can also be used by an opposing counsel to argue that a practice is not a legitimate medical entity, compromising a legal defense, and leading to denial of coverage by the malpractice carrier.

All of these issues could inevitably lead to reputational burdens that can damage a business entity’s image to the point of no return. A high-profile enforcement action can cause a loss of patients and a breakdown of trust with the public and other healthcare providers.

Proactive Risk Management and Insurance Strategies

Proactively reducing the risks associated with medical services in the US will give corporate entity leaders and physicians the freedom to comfortably operate their business without any setbacks. As we’ve seen with recent news, risk management in this area requires constant monitoring to stay on top of new regulations stemming from legal action, so staying compliant is an ongoing effort.

To start, organizations must establish a risk management framework to oversee evolving compliance matters. For example, this could involve an independent clinical governance body that clearly outlines the separation between business operations and medical decisions.

Another way to manage risk is by opting to operate under an MSO model, a strategic tool for mitigating CPOM risk, as it falls under the doctrine’s exceptions. However, stepping into this realm entails carefully crafting an MSO agreement that ensures the MSO provides only administrative services and does not influence clinical matters.

None of these strategies can truly work without running periodic external and internal audits to identify and correct any potential CPOM violations, lest you leave missteps to be discovered by regulators or during a legal claim later on. This is where constant monitoring is an investment that will ultimately save companies time and money on legal headaches.

Insurance is also a vital risk management measure that acts as a safety net against the nuances of CPOM laws. As such, healthcare providers need to work with an insurance broker who specializes in this space and has a deep understanding of CPOM laws in the states where organizations operate, ensuring their professional liability policy provides the necessary protection.

From CPOM Risk to Growth Resiliency

Although many might see CPOM laws oversight as an extra step and even an unnecessary cost, especially when operating in multiple states, adopting proper risk management to stay compliant with these laws is a vital step towards building a successful and long-lasting business. If growth is on the horizon, so should your CPOM compliance measures.

Plus, a strong understanding of the Corporate Practice of Medicine is not merely a legal requirement but also the cornerstone of an effective risk management and insurance program, which healthcare organizations often lean on to thrive in the industry.

Addressing CPOM compliance is, at the end of the day, protecting your medical practice from the catastrophic financial, legal, and reputational consequences of non-compliance. In the evolving landscape of healthcare, this strategic foresight is what separates a resilient business from one that is left vulnerable.

Insurance Rebuilt, End-to-End

We've supported startups from stealth mode to huge funding rounds.

Get a Custom Quote