How to Avoid Corporate Practice of Medicine (CPOM) Violations: Lessons from the NaphCare Investigation
How to Avoid Corporate Practice of Medicine (CPOM) Violations: Lessons from the NaphCare Investigation
On March 27, 2026, the New York Attorney General (“OAG”) concluded an investigation into NaphCare, LLC (“NaphCare”), resulting in $875,000 in penalties and a five-year ban on New York correctional health contracts. While this case unfolded in a correctional setting, the legal principles at play, the Corporate Practice of Medicine (“CPOM”) doctrine and the MSO-PC model, apply directly to nearly every digital health/telehealth direct-to-consumer model operating in New York.
What is the Corporate Practice of Medicine?
CPOM is a legal doctrine that prohibits non-physicians or business entities from practicing medicine or interfering with a physician’s independent clinical judgment. In strict CPOM states like New York, Management Services Organizations (“MSOs”) cannot employ physicians or direct patient care. Instead, professional clinical services must be provided through a professional entity (“PC”), which is owned and controlled entirely by a licensed provider. Digital health companies utilize the “MSO-PC” model to achieve compliance while scaling their technology and administrative support services.
The NaphCare Case: What Went Wrong?
The OAG investigation into NaphCare (the MSO) and its affiliated PC network, ProActive Health Care Medicine, PLLC (“ProActive Health”), serves as a cautionary blueprint for how virtual arrangements can still trigger significant liability.
The “Nominal” PC Trap
The investigation revealed that ProActive Health was effectively a “nominal” provider. While the contracts claimed the PC would provide all clinical services, the reality was different: NaphCare’s Alabama-based nurses, who were not licensed in New York nor employed/supervised by ProActive Health, were issuing prescriptions and managing treatments via telehealth.
The Lesson: You cannot “rent” a New York-licensed physician to put their name on a PC while an MSO runs the clinical show.Operational Entwinement
The MSO and PC shared the same principal place of business in Alabama. This lack of physical and operational separation made it difficult to argue that the entities were truly independent. Further, ProActive’s medical director reported directly to NaphCare’s Chief Medical Officer.
The Lesson: Clinical leadership must be separate from MSO leadership to avoid undue corporate influence by the MSO.
Three Best Practices to Protect Your MSO-PC Model
To mitigate risk, digital health enterprises should move beyond “template” compliance and focus on operational reality:
Maintain True Clinical Autonomy: The PC must oversee and approve all clinical workflows, protocols, and prescription guidelines. All clinical decision-making and related activities must rest with the PC, and cannot be influenced or dictated by the MSO.
Formalize Separation: The MSO and PC should maintain separate addresses, bank accounts, and distinct leadership hierarchies. Clinical performance reviews should stay within the PC.
Recognize State-Specific Compliance: A “one-size-fits-all” MSO-PC model often fails in states like New York, where CPOM laws are strictly enforced. Your model must be tailored to the specific risks of the state where you offer services.
How Nixon Law Group Can Help
At Nixon Law Group, we specialize in the intersection of healthcare innovation and complex regulation. We help digital health clients navigate the gray areas of the MSO-PC model to assist clients in ensuring that they can achieve their business goals without compromising legal compliance. Ready to audit your MSO-PC structure? Contact Nixon Law Group today to mitigate your risk and build a compliant foundation for your business model.