Healthcare Start-ups: Beware of These Common Regulatory Risks

Technology has allowed us to weather significant disruption and social distancing amid a global pandemic. From Amazon and Instacart to DoorDash and Zoom, tech companies have forged a new normal, earning a starring role in our post-pandemic world.

The technology trend has hit the healthcare industry as well. Technology innovations and creative marketing techniques have enabled and accelerated the adoption of telehealth and telemedicine. We expect this trend will continue as patients learn to rely on the convenience and ease of access to technology-enabled health care.

Compliance Considerations for Healthcare Start-ups

For tech companies and marketing startups that want to be at the forefront of this movement, creating a foundation of compliance will be critical to realizing success. This applies to technology vendors that offer videoconferencing, text and communication platforms, and management software to patients and providers, as well as entrepreneurs looking to develop health apps or apply creative marketing techniques to healthcare products and services.

Business practices that are legal and acceptable in other industries can be strictly prohibited in the healthcare industry. Take referrals, for example. The business world relies on referrals, incentives, and networking to nurture profitable business relationships. In the healthcare industry, however, referrals and incentives are closely regulated and largely prohibited. The consequences of violating those prohibitions are severe and often irreversible.

This is not said to discourage you from breaking into the health care space, but rather to encourage you to keep these considerations in mind.

Know the Regulatory and Enforcement Risks

The regulatory landscape surrounding health care is a patchwork of state and federal laws that are constantly evolving. This year, for example, major rule changes were made to the Stark Law and Anti-Kickback Statute (AKS). As a result of this complexity, even unintentional mistakes can land providers and healthcare businesses in hot water for violations that pack big penalties.

Here are a few important laws and regulations to be aware of as you structure and develop agreements for your business:

The Texas Corporate Practice of Medicine Prohibition

Texas prohibits non-physician individuals and corporations from practicing medicine or employing physicians to provide medical services. In recent years, tech companies have been a big target for regulators looking to prevent corporate interests from influencing medical decisions.

For tech companies that want to bring physicians on board, it is crucial to evaluate arrangements between physicians and non-physicians to ensure they meet statutory exceptions under the Texas Corporate Practice of Medicine Prohibition doctrine. Physicians can enter into independent contractor arrangements with non-physicians. However, entities and agreements must be carefully structured and governed to comply with this doctrine.

Anti-Kickback Statute, False Claims Act, Stark Law & State Equivalents

In some industries, it is legal to create professional relationships where remuneration is exchanged for referrals. In health care, such a relationship can result in violations that put career-altering penalties on the table under laws such as the:

Tech vendors and marketing firms can run afoul of these and other state and federal healthcare laws by engaging in illegal relationships or marketing arrangements where clients, physicians, or competitors are paid unlawful kickbacks to generate sales or new business.

Investigations initiated by the HHS-OIG, the Texas Attorney General, and other regulatory agencies can cost businesses considerable time and money, and create exposure to civil penalties, fines, and exclusion from serving Medicare or Medicaid populations. In some cases, such as those involving violations of the Anti-Kickback Statute (AKS), alleged offenders may also face criminal penalties.

An experienced healthcare attorney can advise you on the safe harbors available to your business and help you design a compliance plan to remain firmly within the boundaries of those safe harbors.


Our reliance on electronic health records (EHR), wearable fitness-tracking devices, and health apps has increased dramatically. While this rapidly growing sector of the digital health space provides a lot of opportunities to entrepreneurs, it also creates many questions about patient privacy and regulatory compliance under the Health Insurance Portability and Accountability Act (HIPAA).

While not everyone looking to break into the healthcare space may have obligations under HIPAA, companies that engage in any electronic recording, storing, or management of protected health information (PHI) with, for, or on behalf of covered entities (CEs, which include physicians, hospitals, dentists, and health insurers) do.

Even with some temporary adjustments to HIPAA rules during COVID-19, violations of laws related to protected health information can be costly. Like some other healthcare regulations (such as the Stark Law and AKS), entities can be liable regardless of whether the violation was intentional or a mistake. The most serious violations can also have criminal consequences.


The pandemic accelerated the adoption of telemedicine as an emergency means to relieve the burden on in-person health care providers. While telemedicine will likely be more accessible to Americans in the post-pandemic world, it remains to be seen how this arena will be regulated beyond temporary exceptions and emergency directives currently in place.

As things evolve, tech and marketing companies looking to capitalize on the promising future of telemedicine need to incorporate an active and ongoing commitment to compliance into their company culture – one that can quickly adapt and implement changes as new rules develop. Partner with an established and active health and medical law firm that can provide you with proactive counsel and help you quickly respond to enforcement actions.

How Can Tech and Marketing Companies Evaluate and Address Health Care Compliance Risks?

For tech and other service companies that want to enter the healthcare industry, investing in proactive regulatory compliance is one of the most effective ways to mitigate risks associated with costly audits and healthcare fraud investigations, and ultimately preserve any realized return.

One of the best places to start is with a comprehensive compliance plan that includes essentials such as:

  • A code of conduct
  • Written policies and procedures
  • A designated compliance officer / compliance committee
  • Training and education programs
  • A culture where communication and reporting are encouraged
  • An enforcement plan
  • Procedures to self-audit and monitor compliance on an ongoing basis
  • A corrective action plan that can be implemented to identify why violations occurred.

Health care has undoubtedly become a more attractive industry for tech companies and marketing services, but creating enduring value requires more than getting in on the ground floor. Service and tech vendors in this space face a minefield of state and federal laws related to healthcare regulations and patient privacy, in addition to the struggles of trying to get an enterprise to succeed.

If there is one takeaway for healthcare start-ups to glean, it is that healthcare compliance is a moving target that requires active and ongoing evaluation, self-auditing, and refinement. This is important both for mitigating potential violations preemptively and for having the systems in place to pursue a more positive outcome should enforcement actions or investigations come knocking at your door.

At Hendershot Cowart P.C., our health and medical law team provides comprehensive counsel on a range of matters from healthcare compliance and contracts to proactive or responsive defense. To discuss our services and your needs with an attorney, contact us today.
