3 Keys to Managing Legal Risks in Healthcare Ventures with MDs

Healthcare ventures between entrepreneurs and medical risks create legal risks of corporate practice of medicine and fee-splitting.  In this article, learn 3 keys to navigating these healthcare legal risks.

Case Study

Joe has an idea for a healthcare startup where Healthcare Enterprises, the healthcare startup, seeks to attract customers (i.e., patients who will be seen by an MD) in a certain target healthcare market.

It could be, for example:

• Weight loss
• Chronic pain
• Fatigue
• Insomnia
• Sexual dysfunction
• Low testosterone (“low-T”) and anti-aging

Or any number of common conditions.  Because basically, everyone wants to:

• Look younger
• Feel better physically
• Feel better emotionally
• Have better relationships
• Have more energy

Whatever the condition or situation, the bottom line is that Joe, the healthcare entrepreneur, is the big promotional force behind the idea (i.e., the one managing and marketing the operation); at the same time, the customers of Healthcare Enterprises are going to be patients and they need to be under the care of an MD, especially if the treatment involves prescription medication (and even more so if it involves prescription of controlled substances).

There are many variations on this model.  For example, the patients could be buying existing healthcare services from a certain type of medical doctor they already see, and, the professional service add-on is ancillary and a natural referral from the existing MD.  However, the key here is that it’s really Joe (aka Healthcare Enterprises) driving the referral.

And Healthcare Enterprises must take care so as to mitigate the legal booby traps of:

• Corporate practice of medicine laws
• Kickback and fee-splitting laws (prohibitions)
• HIPAA and privacy & security laws

 And other legal snares.

Joe comes to our healthcare lawyers with a simple plan:

1. We’re going to build a website, mobile app, software ….
2. We have a plan to drive traffic and convert customers.
3. Here is our package of medical services.
4. We’re going to build up the brand and do the equivalent of a franchise by spreading to multiple brick-and-mortar locations, or across the land virtually and digitally (telemedicine, m-health, mobile health, digital health, connected health, whichever term we use the concept is healthcare where the MD’s physical body is in a different location than the patient’s).
5. Because we’re making the investment – and because I want to exit in 3-5 years and in the meanwhile attract investors – we want the value to be in the brand, not in the physician or physicians.
6. We need a doctor involved, because there are prescriptions, or because this involved diagnosis and treatment, or because there are risks and contraindications, or because we’re dealing with real medical conditions and therapies and can’t pretend we’re in the world of “health and wellness” and outside medical licensing laws.
7. We want to minimize liability or at least mitigate liability exposure.

And Joe wants to explore legal strategies and solutions to build the healthcare platform.

The Legal Terrain

As we’ve noted in other posts, the key here is the expansion of medicine from brick-and-mortar, where it was strictly under the watchful eye of the licensed MD and all the regulation pertinent to practices, to the world of the Web.  Whether dealing with online healthcare via a website, mobile healthcare via smartphones, or some other variation—whether we use telemedicine or digital health or any other term—the core here is that instead of the binary relationship between doctor and patient, we have a triangular relationship between the MD, the patient, and the healthcare venture.  And this is what raises the legal specter of corporate practice of medicine and fee-splitting (and kickback issues).

This is true whether dealing with a model involving medicine (integrative medicine, functional medicine, anti-aging medicine – whatever the moniker), or a profession such as dentistry.  See, for example:

If Joe were an MD and seeking to expand his medical practice via telemedicine, we would focus on different legal issues, specific to online practice of medicine. See, for example:

More broadly, see our post exploring the overall legal terrain for telemedicine:

There are some fundamentals, which we’ll talk about next.

3 Keys to Managing Legal Risks

Three important keys to managing legal risks in healthcare ventures with MDs are:

1. Use an MSO Model

Understand the role of the healthcare venture as distinct from that of the clinical professional (MD or other healthcare professional), and, use an MSO model (as described in some of the above posts) to document this “separation of powers” and thereby manage legal risk.

For more about the MSO models, see

Also see any medical board pronouncements in your home state.  For example:

In California–

Corporate Practice of Medicine – The Medical Board of California

Management service organizations arranging for, advertising, or providing medical services rather than only providing administrative staff and services for a physician’s medical practice (non-physician exercising controls over a physician’s medical practice, even where physicians own and operate the business).

In Texas—

FAQs for Licensees – Texas Medical Board

A general summary of the corporate practice of medicine doctrine is that it prohibits physicians from entering into partnerships, employee relationships, fee splitting, or other situations with non-physicians where the physician’s practice of medicine is in any way controlled or directed by, or fees shared with a non- …

The MSO model is useful for telemedicine and digital health.  Even though the healthcare venture is not managing a brick-and-mortar medical practice, it is effectively managing and marketing the practice of one or perhaps thousands of physicians to the patients who come through the healthcare venture’s platform or portal.

2. Understand that the MSO must charge fair market value (FMV) for its services, and, that, with respect to how the MSO makes its money, a critical relationship here is the one between the healthcare venture on one hand and the MD on the other. In other words, the healthcare venture is functioning as an MSO, and charges the MD (or physicians within the vast network the healthcare venture has created) fair market value for the MSO services.
3. Seek legal counsel to navigate all the other legal issues, such as HIPAA and privacy and security rules.

The healthcare venture cannot count on the MD for all the privacy and security issues that will arise in opening up a platform to dozens, hundreds, and perhaps thousands or tens of thousands of patients.

HIPAA compliance is not guaranteed merely because the healthcare venture uses an EMR (electronic medical record) where the vendor claims to be “HIPAA compliant.”  HIPAA compliance requires a number of steps—which include having a secure EMR—but the requirements are extensive, and much is required by way of implementation.  Among other things, all members of the workforce require HIPAA training (HIPAA training).  A Privacy and Security Manual is recommended, even if HIPAA does not technically apply because the medical practice or platform does not bill insurance electronically. The reason is that state law often has the same requirement as HIPAA that healthcare providers and entities maintain the privacy of medical records and implement reasonable (or adequate) security measures with respect to PHI (protected health information).

There are other legal issues to be addressed, such as:

• Is a “good-faith,” “appropriate” exam required by the MD before treatment, and must this be in-person or can it be done telephonically, or by a secure audio-visual visit?
• Is this necessary before prescription?
• Is this necessary to write an order for a prescription medical device, or just for a prescription, Rx drug?
• Who can perform such an exam, beside the MD: an RN? The PA? An NP?
• What can a medical assistant (MA) do?
• Should the fee that the healthcare venture charges the physician or medical practice be styled as a management fee, a marketing fee, or a software or other kind of licensing fee? What amount is reasonable; are percentages of gross revenues allowed?
• What other safeguards should be built in to mitigate risk that OIG or state enforcement authorities will see an unlawful “joint venture?”
• How much work does the clinician have to do to satisfy standard of care concerns?
• Can the healthcare venture directly charge the patient and bundle the physician fee and various service fees, or does this present a risk of anti-kickback or fee-splitting enforcement?
• Do these arrangement present Stark law issues?
• Does it matter whether payments flow from the customer through the physician or medical practice to the healthcare venture, or go directly from the patient to the healthcare venture or platform and then a portion goes back to the MD or medical practice?

Legal arrangements can be complicated when healthcare ventures try to “partner” with MDs.  However, healthcare lawyers can help structure the deal so as to help mitigate potential enforcement risk. A good HIPAA lawyer can also help determine who must comply with HIPAA and what must be done to maximize compliance efforts.

As well, healthcare ventures can get confused with all the terminology out there around telemedicine, mobile health, MSOs, digital health, and so on—and misconstrue whether the key piece of law involves FDA regulation, telemedicine laws, medical licensing laws, state privacy and security laws, informed consent, or something else.  Contact an experienced healthcare regulatory law firm for legal advice concerning healthcare legal compliance, especially when structuring a relationship between the healthcare venture and a physician or physicians who will be involved in the venture.