Legal + Regulatory
November 17, 2025

The CPOM Crackdown: Why Telemedicine Startups Should Be Watching State Laws Closely

Rebecca Gwilt
Follow on LinkedIn

"Wait—so our MSO model might not be legal in Oregon anymore?"
That’s the question a founder of a multi-state telehealth platform asked after Oregon passed SB 951. And she wasn’t alone. Across boardrooms and VC Slack channels, healthcare operators are scrambling to decode a fast-moving regulatory trend: a nationwide wave of Corporate Practice of Medicine (CPOM) legislation.

Whether you're running a virtual-first dermatology platform or building out a nationwide MSO-backed urgent care model, the CPOM landscape just changed. And if you're not watching closely, you could build something that no longer works legally in half your markets.

Why CPOM Matters (Especially Now)

The Corporate Practice of Medicine doctrine prohibits non-licensed individuals or entities from interfering with the clinical judgment of healthcare professionals. It exists to protect patients from business interests dictating care decisions. You can read my primer on the basics here. 

Historically, CPOM enforcement was patchwork: a mix of dusty court cases, vague Board of Medicine guidance, and the occasional AG lawsuit. But in the last few years, more courts are ruling on these arrangements and state legislatures have started codifying stricter CPOM rules into law.

Here’s why that’s a big deal:

  • Laws are enforceable. These bills bring teeth to what were, in some cases, previously advisory or litigated standards.
  • MSO models are under the microscope. Many laws explicitly regulate management services organizations, private equity structures, and affiliated ownership.
  • Telemedicine companies are at high risk. Many virtual-first companies use MSO models or contract-based clinical arrangements that may now violate CPOM laws.

A 2025 CPOM Legislative Wave

Many states introduced, and three states passed, landmark CPOM legislation in 2025:

California

SB 351 + AB 1415

  • Targets private equity (defined broadly) and hedge fund interference in physician/dental practices.
  • Prohibits PE groups from making clinical decisions or controlling hiring, coding, billing, or third-party contracting.
  • Invalidates gag clauses and non-competes related to quality of care or professional judgment.
  • Adds data and transaction reporting obligations for MSOs under the Office of Health Care Affordability.

Indiana

SB 475

  • Prohibits noncompete agreements for physicians employed by hospitals or hospital systems after July 1, 2025.
  • Part of a broader trend of untangling hospital-physician employment structures and re-centering provider autonomy.

Oregon

SB 951

  • One of the most comprehensive CPOM laws in the country.
  • Bars MSOs and their affiliates from:
  • Owning or controlling majority shares of a medical practice.
  • Exerting control over clinical decisions, staffing, billing, or pricing.
  • Using noncompetes, nondisclosures, or gag clauses to silence providers.
  • Creates private rights of action and punitive damages for violations.
  • Has limited carveouts (e.g., tribal, behavioral health, PACE, some telemedicine entities).

Quick Takeaway: These aren't subtle tweaks. They could require structural rewrites of entire business models.

Coming Soon? 8 More States Are in Motion

States that have introduced CPOM-related legislation in 2025 include:

  • New York
  • Washington
  • South Carolina
  • Vermont
  • Texas
  • New Mexico
  • Minnesota
  • Massachusetts

While specifics vary, most proposed bills:

  • Target private equity or MSO control of medical practices.
  • Prohibit noncompetes and nondisparagement clauses for clinical providers.
  • Authorize state regulators or attorneys general to take enforcement action.

Expect a trend toward model legislation, much like we saw with consumer data privacy and healthcare AI laws.

What Founders and Investors Should Do Now

If you're operating a multi-state healthcare company, you need a CPOM strategy. That means:

  • Audit your MSO “tethering” agreements. Ensure clinical decision-making truly remains with licensed professionals.
  • Revisit your equity and control structures. Minority physician ownership isn't enough if the MSO controls decision rights.
  • Revise your corporate model. In states that bar your current practice, you can shift strategy instead of shutting down!
  • Map your risk by state. Know where you operate, and track where new bills are being introduced.
  • Train your compliance and ops teams. Especially around billing, staffing, and telemedicine workflows.

And most importantly: Engage legal counsel deeply familiar with CPOM and health regulatory structures. This is not an area for generalist attorneys or wait-and-see approaches.

Final Thought: Don’t Build Illegally By Accident

The structure for building in telemedicine has long been solid across all 50 states. In the next few years, companies will need to get creative to comply with a patchwork of new laws that make the national model a bit more complex. If your business depends on MSOs, venture-backed rollups, or virtual-first care, you must treat CPOM compliance as a core risk strategy.

Want help mapping your risk or reviewing your model?
Let’s talk.

Back to All Blogs