Telehealth Compliance Alert: Oregon CPOM Changes and Federal OIG Insights

On June 9, 2025, Governor Tina Kotek of Oregon signed Senate Bill 951 (the “Bill”) into law, effectively setting one of the nation’s most restrictive corporate practice of medicine (“CPOM”) standards. The Bill places new limits on the role of management services organizations (“MSOs”), which provide administrative and support services to medical practices (“PCs”), in Oregon.

Oregon’s new restrictions follow a wave of increased scrutiny by state regulators over the role of private investment in healthcare, an indication that additional states may follow suit. For example, California and Connecticut recently introduced (but have not yet passed) legislation in February and January 2025, respectively, aimed at limiting the influence of private equity investments in healthcare, and the bankruptcy of private equity-owned Steward Health Care prompted federal investigations surrounding how management decisions are impacting patient care. This means that many telemedicine and virtual care providers (“Providers”) should prepare for heightened compliance obligations.

Notably, Oregon’s restrictive Bill was finalized the same week that the U.S. Department of Health and Human Services Office of Inspector General (“OIG”) issued a favorable opinion (Opinion No. 25-03) regarding an arrangement that implicated the federal Anti-Kickback Statute (“AKS”) between an MSO and a PC relating to certain administrative services (the “OIG Opinion”). This article provides an overview of the Bill and the OIG Opinion, exemplifying the patchwork of CPOM interpretations, along with key takeaways on navigating the volatile CPOM environment specific to Providers in the digital health space.

Who is typically subject to CPOM restrictions?

CPOM is a legal framework in over 30 states that restricts non-licensed individuals or corporations from owning medical practices and hiring licensed individuals (such as physicians). There are various degrees of CPOM in each state where some states only have CPOM restrictions that apply to the practice of medicine and others have additional rules that apply to other clinical services, such as dentistry, behavioral health, and/or optometry. In addition, some states such as California and New Jersey have more restrictive CPOM rules than other states. Generally, states that implement CPOM standards implement these rules to protect licensed professionals’ clinical decision-making authority without the influence of commercial or business interests.

In an effort to comply with CPOM rules on a national basis, Providers often implement an “MSO-PC Model” whereby, as noted above, the MSO provides management and administrative services to the PC so that the PC can focus on providing high quality clinical care to its patients. Under the MSO-PC model, the PC has independent and absolute authority over all clinical decision making and patient care Providers who launch an MSO-PC model do so through a series of contracts between the MSO, the PC, and a qualified licensed provider owner (“Friendly Physician”).

Read our blog post to learn more about the MSO-PC model.

New CPOM Compliance Obligations for MSO-PC Models

Oregon’s new law establishes sweeping restrictions on the role an MSO may play in supporting a PC under the MSO-PC model. The law:

1. Prohibits an MSO or any of its shareholders, directors, members, managers, officers, or employees from (i) owning shares or serving as a director or officer of the PC and (ii) serving as a director or officer, being an employee or working as an independent contractor for the PC. In effect, this means that the MSO and PC essentially cannot share owners or employees/shareholders, emphasizing that the MSO and PC must operate as completely separate entities to remain in compliance with CPOM rules.

2. Prohibits an MSO or any of its shareholders, directors, members, managers, officers, or employees of an MSO from controlling or entering into an agreement to control or restrict the sale or transfer of the PCs shares. This means succession and joint transfer agreements between an MSO, a PC, and a Friendly Physician will be under intense scrutiny, and those currently in effect may need to be modified to ensure compliance (similar to New Jersey’s stance on these types of agreements).

3. Prohibits an MSO from exercising “de facto” control over a PC's administrative, business, or clinical operations. The Bill specifically cites the following as examples of “de facto” control: advertising, payor contracting, making diagnostic coding decisions, setting prices for services the PC charges, setting clinical staffing levels, and hiring medical licensees.

4. Makes void noncompetition, nondisclosure, and nondisparagement agreements between employers and medical licensees absent compliance with specific statutory standards.

Altogether, the Bill substantially limits the role and involvement of the MSO in an MSO-PC Model. However, entities engaged in the practice of telemedicine, without a physical location in Oregon, are exempt from some of the restrictions in 1. above. The Bill has staggered effective dates depending on when applicable MSO-PC models formed in Oregon. MSOs and PCs that were incorporated in Oregon on or after June 9, 2025 must be in compliance with the Bill by January 1, 2026. MSOs and PCs that were incorporated in Oregon before June 9, 2025 have until January 1, 2029 to restructure their existing models in a manner that complies with the Bill.

OIG Opinion

On the other side of the CPOM enforcement spectrum, the OIG Opinion highlights the value of establishing compliant corporate structures and fund flows for telemedicine companies, including the MSO-PC model. The relationship at issue in the OIG Opinion included (i) a PC that leased clinicians to other PCs to provide telehealth services under a unified platform (i.e., a multi-PC network) (the “Platform PC”) and (ii) an MSO that would provide certain administrative services to the PCs (collectively the “Arrangement”). The MSO’s administrative services included a variety of accounting, marketing, support, and IT functions. In exchange, the PCs in the multi-PC network would pay a fair market value (“FMV”) hourly lease fee to the lessor PC for clinician time and an FMV administrative fee to the MSO for the administrative services (collectively the “Services Fee”). OIG concluded that the Arrangement would not violate AKS, highlighting that the Services Fee was (i) based on FMV, (ii) fit within the personal services and management contracts safe harbor to AKS, and (iii) paid regardless of reimbursement by payors for telehealth services.

Key Takeaways on CPOM from the Oregon Bill and the OIG Opinion

• Operating a national telemedicine MSO-PC model requires navigating 50 distinct state regulatory frameworks. Structuring your model to comply with the most restrictive CPOM laws provides a strong foundation for compliance.

• The legal landscape for digital health is evolving. Providers should conduct semi-annual audits of their corporate structure and compliance program to keep pace with federal and state requirements. These reviews can streamline acquisitions, financing, audits, or investigations.

• The Anti-Kickback Statute (AKS) and similar state laws prohibit improper financial incentives for patient referrals. Ensure all financial arrangements—between MSOs, PCs, customers, and payors—reflect fair market value and commercial reasonableness.

• Licensed providers must retain authority over clinical decisions. PCs should establish and document clear protocols for clinical oversight and medical decision-making.

Conclusion

The Oregon Bill and OIG Opinion represent a significant shift in the compliance landscape for telehealth and virtual care companies that operate in multiple states. Together, they create new opportunities for innovation and investment – IF corporate structures are carefully aligned with legal and compliance requirements. Maintaining clear boundaries around ownership, clinical autonomy, and financial relationships is essential for reducing risk and enabling sustainable growth.

 At Nixon Law Group, we have extensive experience helping digital health companies design and implement MSO-PC models that meet the demands of evolving state and federal regulations. Contact us to ensure that your structure supports both compliance and scale.