Corporate Practice of Medicine for Physicians: The Mistakes That Turn a Compliant Contract Into a Non-Compliant Practice
Most physician-owned PCs in MSO arrangements have a compliant agreement on paper. The problem is how the PC actually runs.If you are a physician who owns a PC inside an MSO structure, your contract almost certainly says the right things. It says you control clinical decisions. It says you hire and fire clinicians. It says you approve protocols and oversee quality. It says the MSO handles business operations and nothing more.And then the company launches, patient volume ramps, the MSO team moves fast, and almost none of those things actually happen the way the agreement describes. The physician owner signs off on hires they never interviewed. Protocols get written by the MSO's clinical operations lead and sent to the PC for a signature. Money flows in directions the MSA never documented. A medical director role exists on the org chart but functions like a rubber stamp.This is the corporate practice of medicine compliance gap. Not the paperwork. The operations. And it is where almost every enforcement action, investor diligence failure, and state medical board inquiry in telehealth actually begins.This post breaks down what physicians typically agree to in their PC/MSO contracts, where the real-world operations drift away from the contract language, and how to close the gap. It is written for physicians who are already operating inside an MSO structure, though there is a short section at the end for anyone still evaluating an offer.A quick refresher on what CPOM actually requires
The corporate practice of medicine doctrine is state law, not federal, and roughly thirty-three states enforce some version of it. The core rule is simple. Only licensed physicians can own a medical practice or control how medicine is practiced. Non-physicians can own the business infrastructure around a practice, but they cannot control clinical decisions.
The standard structure that makes non-physician investment possible is the PC/MSO model. A physician-owned professional corporation, the PC, employs clinicians and delivers care. A management services organization, the MSO, owned by non-physicians, provides business support under a management services agreement, the MSA. The PC pays the MSO a fee for that support, and the physician owner retains authority over everything clinical.
That is the structure on paper. What regulators care about is whether it is the structure in practice. In every enforcement action that matters, the question is the same: who is actually directing clinical decisions day to day? If the answer is the MSO, the structure does not protect anyone, no matter what the agreement says.
The seven gaps between what physicians sign and how they actually operate
Below are the seven places I see the contract and the operations come apart most often. Each one starts with what the agreement typically says, then what physicians are actually doing, then what compliance looks like when you close the gap.
Approval of clinical hires
What the contract says
The MSA reserves all clinical hiring and termination authority to the PC. The PC, acting through its physician owner or a credentialing committee, hires, credentials, and terminates every clinician. The MSO may provide sourcing, recruiting logistics, and administrative coordination, but the hiring decision rests with the PC.
What physicians actually do
The MSO runs recruiting end to end. A clinical lead inside the MSO screens candidates, makes the offer, negotiates compensation, and the physician owner finds out after the fact when they are reviewing a collaboration agreement. No documentation of the review. No credentialing file reviewed. No meaningful evaluation. The MSO then tells the candidate they are hired.
This is the most common and most dangerous gap, because it looks like the physician owner approved the hire but the substantive decision was made inside the MSO.
What compliance actually looks like
The PC maintains a credentialing file for every clinician, with primary source verification of licenses, board certifications, DEA registrations, and malpractice history.
The physician owner or a named clinical leader reviews each candidate before an offer is extended, documents the review, and signs a credentialing approval memo that lands in the file.
Offer letters and employment agreements are issued by the PC on PC letterhead, not by the MSO.
Termination decisions follow the same trail. A documented clinical reason, signed by the physician owner, before the clinician stops seeing patients.
Review and approval of clinical protocols
What the contract says
All clinical protocols, treatment guidelines, prescribing policies, and standards of care are developed, reviewed, and approved by the PC. The MSO may provide operational support, data, and administrative coordination, but the PC has final authority over any document or policy that touches clinical decision-making.
What physicians actually do
The MSO's product team or clinical operations lead writes the protocols. They are often built into the telehealth platform as decision trees or prescribing rules before any physician has reviewed them. The protocols are sent to the physician owner as a PDF or a link with a note asking for sign-off. The physician owner skims them, replies approved, and moves on.
If a regulator ever asks how those protocols were developed and who owns them, the answer from the MSO side is that the physician owner approved them. The answer from the physician side, if they are being honest, is that they did not write them, did not materially review them, and could not defend specific clinical choices inside them.
What compliance actually looks like
A clinical governance structure, usually a medical committee or clinical advisory board inside the PC, with a documented charter, meeting cadence, and voting authority over protocols.
Every protocol is reviewed in a scheduled meeting, with minutes that capture what was discussed, what was changed, and who voted to approve.
Protocols are versioned, dated, and signed by the PC's clinical leadership, stored in a system the PC controls.
When the MSO proposes a change, the change goes through the committee. The committee can accept, modify, or reject. That authority gets exercised, not just reserved.
The payment structure and money flow
What the contract says
Patients pay the PC for clinical services. The PC pays physician compensation, malpractice premiums, and benefits out of its revenue. The PC then pays the MSO a management fee under the MSA, set at fair market value for the services actually provided, adjusted no more than once a year, and documented with a reasonable methodology.
What physicians actually do
This is where the operational drift is the most invisible and the most risky. In a lot of real-world setups, patient payments land in a bank account controlled by the MSO, or in a PC account the MSO has full authority over. The management fee is calculated at whatever level sweeps the PC down to near zero every period, without a documented fair market value analysis. The fee structure changes informally over time. The physician owner has never seen the bank account or reviewed a profit and loss statement for the PC.
This pattern creates several overlapping problems. It looks like the PC has no independent financial existence, which reads as a shell entity to regulators. It looks like the management fee is set to capture all PC revenue by design, which implicates fee-splitting laws in states that prohibit or disfavor percentage-based arrangements. And it looks like the MSO is exercising financial control over the PC, which is a CPOM violation regardless of what the agreement says.
What compliance actually looks like
The PC has its own bank account in the PC's name. Only PC-authorized signers, meaning the physician owner or a designated physician, have signature authority. The MSO does not control the account.
Patient revenue is deposited into the PC account. Physician and clinician compensation, malpractice, and benefits are paid from that account.
The management fee is set in a written methodology supported by a fair market value analysis. For most deals, that means a fixed fee or a cost-plus structure, reviewed annually, not a percentage that silently sweeps PC revenue.
The physician owner receives weekly or monthly PC financial statements and can actually read them. Quarterly reviews with the MSO on fee methodology and any proposed changes.
In states that prohibit or disfavor percentage-based management fees, the fee is structured differently regardless of what the MSO prefers.
The medical director role
What the contract says
The PC has a designated medical director, often the physician owner, with defined responsibilities that include clinical oversight, protocol approval, quality review, supervision of clinicians, and response to clinical incidents.
What physicians actually do
The medical director title is on a business card and an org chart. The role takes two to four hours a month. There are no scheduled oversight activities, no chart reviews, no quality meetings, no incident response process, and no evidence of supervision anywhere in the record. If a state medical board sent a records request tomorrow asking for proof of medical director activity, there would be nothing to send.
This is the gap that most commonly shows up in enforcement actions and in the telehealth compliance scandals that have been in the news over the past two years. A medical director existed in name only, the company scaled rapidly, and when something went wrong nobody could demonstrate that clinical oversight was actually happening.
What compliance actually looks like
A medical director scope of work document that lists specific, measurable activities: number of chart reviews per month, quality meeting cadence, protocol review schedule, incident response turnaround, and clinician supervision touchpoints.
A monthly or quarterly oversight log that documents what was done. Dates, counts, findings, follow-up actions.
Chart review sampling on a documented methodology. Ten percent, or twenty-five charts, or whatever the scope says, reviewed and signed off.
Quality metrics reviewed on a schedule. Adverse events, patient complaints, prescribing patterns, documentation completeness.
Compensation for the medical director role that is proportional to the work actually performed, not a token stipend that does not match the scope.
State-by-state licensure and structure
What the contract says
The PC is licensed and authorized to provide medical services in each state where it operates. The physician owner is licensed in each state where the PC owns the professional entity.
What physicians actually do
One PC, formed in one state, sees patients in thirty. The physician owner is licensed in five of those thirty states. The structure was never rebuilt for multi-state operations because it was working and nobody wanted to slow things down.
This is a structural CPOM problem. In many strict CPOM states, the PC owning the professional entity must itself be owned by a physician licensed in that state. A California PC owner must be licensed in California. A New York PC owner must be licensed in New York. There are nuanced workarounds in some states, but the default rule is the one that matters in most enforcement conversations.
What compliance actually looks like
A state-by-state exposure map, updated at least annually, covering every state where patients are seen or will be seen in the next twelve months.
A structure decision for each state: whether the existing PC covers it, whether a new state-specific PC is needed, or whether an interstate arrangement supports it.
Physician ownership of each state PC by a physician actually licensed in that state. In some multi-state rollouts, this means a network of PC owners rather than a single person.
Renewals tracked on a calendar owned by the PC, not the MSO. License expirations, state filings, and registered agent updates are the PC's responsibility.
Supervision of clinicians
What the contract says
The PC is responsible for supervision of all clinicians employed or contracted by the PC, including any mid-level providers who require physician collaboration under state law. Supervision activities are conducted by the physician owner or a designated physician.
What physicians actually do
The collaboration agreements with nurse practitioners and physician assistants are in place. The statutory requirements for chart review and case conferences are on the compliance checklist. And then nothing happens. No charts reviewed. No case conferences. No documentation. The mid-level providers are seeing patients at volume, and the physician who is supposed to be collaborating with them is fully absent from the clinical workflow.
Most states have specific requirements for how often mid-level provider charts must be reviewed, how many charts must be sampled, and what documentation the collaboration requires. Those requirements are not suggestions. They show up in state medical board investigations and in the scope of practice challenges that have been reshaping telehealth for the past several years.
What compliance actually looks like
State-specific supervision and collaboration requirements mapped against every mid-level provider the PC employs or contracts.
A supervision schedule that meets the applicable state requirements. If the state requires ten percent chart review, that is what the schedule enforces.
Documented case conferences with meeting notes, participants, cases discussed, and any clinical decisions made.
A supervision log per provider that a state medical board could read and understand in under five minutes.
If the collaboration requirements cannot realistically be met at the volume the practice is operating, the practice is being run out of compliance. Either the volume has to come down, the physician capacity has to go up, or the structure has to change.
PC governance and documentation
What the contract says
The PC operates as a functioning professional corporation with appropriate governance, including annual meetings, board resolutions for significant decisions, corporate minutes, and separate books and records.
What physicians actually do
The PC was formed two years ago and has not held a single documented meeting since. No minutes. No resolutions. No corporate records distinct from the MSO's files. If asked for the PC's corporate book, the physician owner would have to ask the MSO where it is.
This is a separateness problem. One of the questions a regulator or a diligence attorney will ask is whether the PC is operating as an independent entity. If the PC has no independent governance trail, the structure looks like a sham, and the friendly PC defense collapses.
What compliance actually looks like
Annual physician owner meetings with minutes, even if the PC has one owner. Document the meeting, document the decisions, file the minutes.
Board or physician resolutions for significant actions: approval of new protocols, material MSA amendments, opening or closing a state operation, major clinical hires.
Separate corporate records, stored where the PC can access them independent of the MSO.
Annual renewals and state filings on a PC-controlled calendar.
A designated registered agent and a current filing status in every state where the PC is registered.
The thread running through all seven: a compliant structure is not a document. It is an operating system. Every authority the contract reserves to the PC has to be exercised, documented, and defensible. If it is not, the contract is evidence that the PC knew what it was supposed to do and chose not to do it. That is worse, not better, than not having the provisions at all.
If you have not signed yet
For physicians evaluating a friendly PC offer, the operational view of CPOM changes how you read the contract. You are not just reviewing clauses. You are asking whether the company is set up to run in a way that makes those clauses true.
Before signing, ask four questions:
Will the PC have its own bank account, with the physician owner as signer, and will patient revenue actually land there?
Is there a real medical director scope of work, with activities, cadence, and compensation proportional to the work, or is this a title and a stipend?
How will clinical hires and protocols actually be reviewed and approved, and who does the work of reviewing them? If the answer is the MSO and the physician owner just signs off, you are being set up for a compliance gap before you start.
Does the company understand state-by-state licensure and structure, or is there one PC and a wish that it will cover everywhere?
How the team answers these questions tells you whether compliance is a feature or a paperwork exercise. The latter is the deal that breaks in year two.
How Camino builds physician-led infrastructure that actually holds up
Camino Strategy Group works with physicians and physician-led companies to build PC/MSO infrastructure that is compliant in operation, not just on paper. If you are a physician operating inside a PC/MSO arrangement and any of the gaps in this post sound uncomfortably familiar, Camino can help you close them. If you are evaluating an offer and want a structural review before you sign, we do that too.
Further reading
Friendly Physician Models: The Basics Through 5 Frequently Asked Questions (Brennan Manna Diamond)
Structuring Captive Practice Models for MSOs (Frier Levitt)
MSO Compliance in the CPOM World (Withum)
Corporate Practice of Medicine: The Unseen Hurdle in Telehealth (Epstein Becker Green)
Telehealth's Weight-Loss Boom and the Corporate Practice of Medicine (Dickinson Wright Health Law Blog)
Federation of State Medical Boards: Telehealth Policy (FSMB)
About the author. Phoebe Gutierrez is the founder of Camino Strategy Group, a healthcare compliance and strategy consultancy for physician-led telehealth and digital health companies. Camino builds foundations that scale.
Legal disclaimer. This article is for educational purposes only and is not legal advice. Corporate practice of medicine laws vary by state and are subject to change. Consult qualified healthcare legal counsel for advice specific to your situation.
