Spark Senior Health · Investment Book · Stage 4 of 5
Legal, Compliance & Structure
Entity design, CMS rules, Georgia requirements, and governance
§4.1 MSO Design §4.2 CMS Enrollment §4.3 GA State Compliance §4.4 CMS / Medicare Rules §4.5 Investor Rights & Governance §4.6 OIG Audit Defense
Entity Model
MSO (DE) + Clinical (GA)
CMS Billing
FFS-PFS + HPSA QB/QU
NP Supervision
Protocol Req'd · 8:1 (GA 2024)
Seed Raise
$2.35M SAFE or Conv. Note
Begin
Stage 4 · Legal, Compliance & Structure · Section 4.1
Corporate Structure — MSO & Clinical Entity Design
Two-entity model separating clinical practice from business operations. Required for investor capital, CMS compliance, and anti-kickback safe harbor protection.
§ 4.142 U.S.C. § 1320a-7b
Stark Law 42 CFR § 411
GA Secretary of State
Two-Entity Structure
MSO owns business assets · Clinical Entity holds CMS enrollment · linked by arm's-length Management Services Agreement
Spark Senior Health, INC
Delaware (investor-friendly) · for-profit corporation
  • Holds investor equity
  • Owns clinic facilities, equipment, vehicles, tech stack
  • Employs all non-clinical staff (billing, ops, MSO leadership)
  • Holds all IP, brand, software contracts, vendor agreements
  • Board-governed · investor rights attach here
  • Earns management fee from Clinical Entity under MSA
Management Services Agreement
Spark Senior Health, LLC
Georgia · professional clinical entity
  • Holds CMS PECOS enrollment (CMS-855B) and NPI
  • Employs or contracts NP/APRN, LPN, Medical Director
  • Holds GA professional licenses and malpractice coverage
  • Holds CLIA Certificate of Waiver for each clinic site
  • Physician ownership or supervision required (GA law)
  • Pays management fee to MSO under arm's-length MSA
Clinic Operations
Facility management · LPN clinical support · member transport coordination · community site partnerships
Telehealth Hub
Remote NP supervision via Doxy.me · CCM/APCM/RPM monitoring center · care coordinator team
Billing & Compliance
Commure RCM → Novitas J-6 · CCM documentation audit · OIG 7-element compliance program
Management Services Agreement — Key Terms
Links MSO and Clinical Entity · must be arm's-length fair-market-value
💰
Management Fee
Fixed monthly fee or fixed % of clinical revenue (not % of Medicare billings). Must reflect FMV of services rendered — attorney-drafted FMV opinion required before execution. Typically 25–40% of gross clinical revenue under comparable rural practice benchmarks.
Anti-kickback safe harbor: must be FMV, not referral-based
📋
Services Schedule
Exhaustive list of MSO services: billing, coding, credentialing, facility management, fleet logistics, HR, marketing, tech stack, EHR administration. Attorney-drafted to prevent scope creep and AKS exposure.
⚖️
Clinical Autonomy Clause
MSO has zero authority over clinical decisions, treatment protocols, prescribing, or any patient care activity. Required for CMS condition of participation and GA Medical Board compliance.
CMS and GA Medical Board requirement — non-negotiable
📅
Term & Termination
Typical: 3–5 years with auto-renewal. Termination for cause (90 days notice). Termination for convenience (180 days notice). Change of control provision required before Series A. Transition assistance obligation on termination.
Physician Ownership & Anti-Kickback Analysis
GA requires physician in or supervising clinical entity · Stark + AKS govern MSO equity
GA Requirement: Clinical Entity must have physician ownership, supervision, or be organized under physician direction. GA does not permit NP-owned independent practices. Medical Director must sign and maintain an active Nurse Protocol Agreement.
Stark Law (42 CFR § 411): Prohibits physician referrals to entities in which they have a financial interest, unless a safe harbor applies. If the Medical Director holds any MSO equity, the personal services safe harbor or investment interest exception must be documented by counsel.
Safe Harbor Options: (1) Personal services arrangement — fixed compensation, not volume-based. (2) Investment interest exception — passive investment, no referral relationship documented. (3) Employ MD in Clinical Entity only — no MSO equity at launch. Simplest approach.
Recommended approach: Medical Director contracted or employed by Clinical Entity with fixed fee/salary. No MSO equity until healthcare attorney clears structure. Clean at formation — extremely difficult to unwind later.
Required legal documents (total ~$39K): Entity formation (LLC/Corp + MSO + PC, operating agreements, ~$8K) · Healthcare attorney review (Stark/AKS, Nurse Protocol Agreement, ~$12K) · MSA drafting + FMV opinion (~$6K) · Shareholder agreements + cap table (~$5K) · Financing documents (SAFE + subscription agreement, ~$8K)
Stage 4 · Legal, Compliance & Structure · Section 4.2
CMS Enrollment — Designation & Provider Setup
Confirmed billing model: straight Medicare FFS-PFS via Novitas J-6 with HPSA modifier from Day 1. No RHC designation at launch. PECOS enrollment timeline and clinician credentialing requirements mapped.
§ 4.2CMS PECOS 855B/I/R
Novitas J-6 MAC 2026
HPSA modifier QB/QU
Billing Model — Confirmed: FFS-PFS + HPSA Modifier
Decision made · RHC deferred to Month 18–24 evaluation · FQHC excluded · HPSA modifier applied from Day 1
✓ Confirmed — Launch Model
Medicare FFS-PFS
✓ AWV at full ~$162 HPSA-adjusted NP rate ✓ E&M codes at full 2026 MPFS rates ✓ CCM/APCM/RPM at PFS non-facility rates ✓ No annual CMS-222 cost report burden ✓ No AIR cap on high-value visit types ✓ Fastest path to first claim (PECOS only) + HPSA modifier QB/QU adds ~10% on E&M/AWV/TOC
⏸ Deferred — Month 18–24 Evaluation
RHC Designation
→ All 10 counties are HPSA/MUA qualified → Fixed-location clinics qualify for RHC designation → 2026 AIR: ~$165/visit (vs ~$162 AWV at FFS) → CCM/APCM/RPM same rate either way → Annual CMS-222 cost report required → Evaluate at Mo 18–24 once case mix is known
✗ Excluded — Not Compatible
FQHC Designation
✗ Requires non-profit governance structure ✗ Patient majority community board required ✗ Incompatible with for-profit MSO model ✗ Cannot hold both RHC and FQHC designations ✗ Multi-year HRSA application process
QMB compliance note: Under FFS-PFS, QMB members (~30% of panel) generate Medicare's 80% on visits/diagnostics — the 20% coinsurance is written off entirely per federal law (SSA §1902(n)(3)(B)). SLMB members bill identically to standard FFS. CCM, APCM, and RPM are not subject to patient cost-sharing and are unaffected by QMB status. EHR and billing system must be configured to identify QMB status at intake and suppress coinsurance billing automatically.
CMS PECOS Enrollment — Timeline
File ~90 days before first patient · Novitas J-6 is GA's Medicare Administrative Contractor
1
Obtain NPIs (Type I & II)
Individual NPI (Type I) for each clinician. Group/Org NPI (Type II) for Clinical Entity. NPPES registration — free, 1–2 weeks processing.
Month 1 · ~1–2 weeks
2
EIN / Tax ID Registration
Clinical Entity must have its own Federal EIN (IRS SS-4), separate from MSO EIN. Required before PECOS enrollment. GA LLC formation concurrent.
Month 1 · same-day IRS online
3
CMS-855B — Group Practice Enrollment
Clinical Entity enrolls as group provider. Attach NPI, EIN, GA professional license, malpractice certificate, clinic address (fixed location). Submit via PECOS online portal to Novitas J-6.
Month 1–2 · 60–90 days processing
4
855I/R — Individual Clinician Reassignment
Each NP and MD enrolls individually (855I) and reassigns billing rights to the group (855R). Credentialing documentation required per clinician. NP must have active GA license and active Nurse Protocol Agreement before submitting.
Month 1–2 · concurrent with 855B
5
CLIA Certificate of Waiver
Required before any POC lab testing (i-STAT, urinalysis, rapid tests). Application via CDC/CMS CLIA online. GA DCH performs site survey. Fixed clinic address listed as lab site. Fee: ~$180 every 2 years. Apply concurrent with PECOS.
Month 1–2 · 30–60 days
First Billable Claim Submitted
All enrollment complete. CLIA waiver issued. NP under active Nurse Protocol Agreement. Novitas EDI submitter ID active. EHR live. First clinic visit → first claim submitted → CMS payment arrives 30–45 days later.
Month 3–4 target (Clinic 1 · Habersham)
Clinician Credentialing — GA Requirements
Every billable clinician credentialed before first Medicare patient · GA 2024 rules
RoleGA LicenseCMS EnrollmentSpecial Requirement
NP / APRNBoard of Nursing + Composite Medical Board855I + 855RNurse Protocol Agreement with supervising MD · filed with GA Composite Medical Board · specify telehealth supervision modality
Medical Director (MD)GA Medical Board855I + 855RDEA registration · malpractice insurance · immediately available (phone/telehealth) during all clinical hours · signs Nurse Protocol Agreement
LPNGA Board of NursingNOT independently billableServices bill under supervising NP/MD via incident-to rules · phlebotomy training documented in personnel file
DriverValid GA driver's licenseNot a billing roleBackground check · clean driving record · HIPAA training before transporting members
2024 GA Expansion (eff. July 1, 2024): APRNs may now prescribe specific Schedule II controlled substances (previously prohibited). One physician may supervise up to 8 APRNs/PAs (previously 4). Protocol agreements must be updated to reflect expanded Schedule II authority and higher supervision ratio.
HPSA billing structure — critical: E&M, AWV, and TOC are billed under the supervising MD NPI (not the NP NPI) to capture the 100% physician rate and 10% HPSA bonus. Confirm incident-to supervision structure with billing counsel before first claim. NP billing under their own NPI forfeits the HPSA bonus.
Stage 4 · Legal, Compliance & Structure · Section 4.3
Georgia State Compliance — Complete Regulatory Map
Every Georgia-specific requirement mapped to the fixed-clinic model. NP supervision, CLIA, telemedicine, prescribing, HIPAA, OSHA, and ADA building compliance.
§ 4.3GA Nurse Protocol Act
O.C.G.A. § 43-34-23
GA DCH · CLIA · SB 128
NP / APRN Supervision — Georgia Requirements
Restricted practice state · physician protocol agreement mandatory · no independent practice
📄
Nurse Protocol Agreement
Written agreement between NP and delegating physician. Filed with GA Composite Medical Board before first patient encounter. Each NP needs their own agreement — one agreement per NP, per supervising physician. Must explicitly include telehealth supervision clause for Doxy.me model.
Required before first patient — cannot be retroactive
📞
Physician Immediate Availability
Delegating physician must be immediately available for consultation during all clinical hours. In our model: synchronous telehealth or phone availability. Not required to be on-site at the fixed clinic. "Immediately available" must be defined in the protocol agreement — not just implied.
Define "immediately available" explicitly in protocol agreement
💊
Prescribing Authority (Post July 2024)
NP may prescribe Schedules III–V with DEA number. Schedule II now permitted for specific substances with expanded protocol agreement language. Schedule I prohibited. Non-controlled prescriptions: 12-month refill limit. GA PDMP query required before any controlled substance.
2024 expansion in effect · update protocol agreement language
🔢
Supervision Ratio
One physician may supervise up to 8 APRNs/PAs (updated July 1, 2024, previously 4). Our model at launch: 1 remote MD supervising 1–2 NPs per clinic. Well within limit. Expands to 2nd NP at 550+ members — still within the 8:1 cap.
8:1 ratio effective July 1, 2024
CLIA, Lab & Diagnostics — Fixed Clinic Rules
Certificate of Waiver covers all POC tests · Fixed clinic address is the lab site
🧪
CLIA Certificate of Waiver
Required before any POC lab testing. Application to CMS via CDC CLIA online portal. GA DCH performs site survey of the fixed clinic location. Fee: ~$180 every 2 years. Medical Director named as CLIA lab director at launch. Apply concurrent with PECOS.
Apply at Month 1 — concurrent with PECOS enrollment
🩸
LPN Phlebotomy
GA law permits LPN to draw blood. Phlebotomy training must be documented in personnel file before first blood draw. POC fingerstick (HbA1c, lipid panel) does not require phlebotomy certification. Venipuncture does — confirm training prior to hire.
Permitted · training documentation required in personnel file
💓
ECG Interpretation
LPN may perform 12-lead ECG tracing; NP or MD must provide interpretation and sign the report for billing. Bill CPT 93000 (ECG with interpretation and report). Interpretation must be documented in chart note before claim submission.
LPN performs · NP/MD interprets and bills 93000
🔊
POCUS (Portable Ultrasound)
Point-of-care ultrasound (Butterfly iQ+) is within NP scope in GA if included in the Nurse Protocol Agreement and the NP has documented training/competency. Billing requires interpretation documentation in the chart. Add to protocol at Month 6 when POCUS is introduced.
Must be specified in Nurse Protocol Agreement · add at Month 6 phase-in
Telemedicine & HIPAA — GA Requirements
SB 128 governs GA telehealth · HIPAA mobile encryption mandatory · clinic network isolation required
📹
GA Telemedicine (SB 128)
Telehealth permitted for diagnosis, treatment, and prescribing after provider-patient relationship established (first in-clinic visit). Synchronous audio-video (Doxy.me Pro or Zoom for Healthcare) required for prescribing encounters. Hub-and-spoke NP supervision model is fully compliant.
Hub-and-spoke fixed-clinic model is compliant
🔒
HIPAA — Network & Device Encryption
All clinic devices (workstations, tablets, RPM hubs) must have full-disk encryption (MDM via Rippling). Clinical network VLAN isolated from guest WiFi. BAAs required with: EHR vendor, Commure (RCM/AI), Chronic Care IQ, Tenovi, Bamboo Health, Doxy.me, Proton, Compliancy Group. 60-day breach notification requirement.
BAAs with all vendors required before go-live
🏥
OSHA — Clinical Environments
Bloodborne pathogen standard (29 CFR 1910.1030): sharps containers, PPE available and documented, biohazard waste disposal with licensed hauler (Stericycle, $90/mo), exposure incident procedure in writing. Annual staff training with completion log. OSHA compliance inspection by operations lead before Clinic 1 opens.
Biohazard hauler contract required before first patient
ADA Building Compliance
Fixed clinic must meet ADA requirements before opening: entry ramp (1:12 slope), accessible restroom (60-inch turning radius, grab bars), van-accessible parking, lever door handles, tactile signage. CASp (Certified Access Specialist) review recommended before lease execution.
Required for Medicare enrollment · CASp review before lease
Pre-Launch GA Compliance Checklist
All items required before first patient encounter · order matters
GA Clinical Entity formed with physician ownership/supervisionREQUIRED
Nurse Protocol Agreement(s) filed with GA Composite Medical BoardREQUIRED
CLIA Certificate of Waiver issued for each fixed clinic locationREQUIRED
PECOS enrollment complete (855B + 855I/R) · Novitas J-6 EDI activeREQUIRED
HIPAA BAAs signed with all technology vendorsREQUIRED
OSHA bloodborne pathogen program · biohazard hauler contract activeREQUIRED
Malpractice insurance (NP/MD) · commercial property + general liabilityREQUIRED
ADA compliance confirmed (CASp review) · accessible restroom + entryREQUIRED
EHR live · QMB identification workflow configured · Commure RCM activeREQUIRED
GA CON review — confirm fixed-clinic primary care is exempt from CONFLAG · attorney confirm
Telehealth platform BAA + prescribing consent workflow in EHRFLAG · pre-launch
FWA + HIPAA training completed by all staff (logged in Rippling)BEFORE GO-LIVE
OIG exclusion screening complete for all staff (monthly thereafter)BEFORE GO-LIVE
Stage 4 · Legal, Compliance & Structure · Section 4.4
CMS / Medicare Rules — Billing, Documentation & Telehealth
Federal billing and documentation requirements for every service Spark Senior Health bills. CCM and RPM have the most specific and audit-sensitive standards — non-compliance is a direct revenue risk and audit trigger.
§ 4.4CMS Medicare Claims
Processing Manual
OIG Work Plan 2026
CCM / APCM Billing — Documentation Requirements
99490 / 99487 / G0558 · time log and care plan are the audit tripwires
Written Care Plan (Required for CCM/APCM)
Comprehensive care plan must be created, implemented, and shared with patient before any CCM or APCM billing begins. Must address all chronic conditions, care goals, responsible providers, medication list, and follow-up schedule. Must exist in EHR — not on paper.
Must exist in EHR before first CCM/APCM claim — not retroactively
Patient Consent (Required)
Written or verbal (documented) consent required. Patient informed that only one provider may bill CCM per calendar month. Consent is a condition of payment — if consent is not documented, the claim is invalid. Obtain and document at AWV or first visit before first bill.
Obtain and document at AWV or first visit — before first monthly bill
20-Minute Monthly Time Log (99490) / 60 min (99487)
Every minute of CCM time must be documented with: date, staff name, duration in minutes, specific activity. Activities: phone calls, medication reconciliation, care coordination, RPM data review, referral management. Generic notes are insufficient. Chronic Care IQ auto-logs time from coordinator activity — use it.
Non-Face-to-Face Requirement
CCM time does not require face-to-face contact. Care coordinator phone, EHR task, and coordination time counts. Clinical staff only — administrative-only tasks (scheduling, insurance verification) do not count toward CCM time.
APCM — No Time Threshold Required
APCM (G0558/G0557/G0556) does not require monthly time tracking — billed based on enrollment and active care plan maintenance. This is APCM's primary billing advantage over CCM. Still requires active care plan on file and care plan being actively maintained.
RPM, Telehealth & AWV — Key Rules
Three highest-value billing categories · each with distinct documentation requirements
RPM — Device & Data Requirements
Device must automatically transmit data (no patient self-reporting — this is the hard line). At least 16 days of data per 30-day period for 99454. 2–15 days for new 99445 (2026). Staff review ≥20 min/month for 99457 with documented clinical note. Tenovi server logs serve as device data audit trail — export monthly.
RPM + CCM/APCM Concurrent Billing
Both may be billed in the same month for the same patient when activities are performed separately by different staff or at different times. Time must not be double-counted between CCM and RPM logs. Both care plans should reference each other in EHR documentation.
Medicare Telehealth — Fixed Clinic as Originating Site
Our fixed clinic is a rural originating site. Patient at clinic + NP at remote hub = qualifying rural telehealth encounter. Place of service: 02 (telehealth). GT modifier on professional claims. All 10 Spark Senior Health counties qualify as rural originating sites. This billing structure must be confirmed with billing counsel — the "fixed clinic as originating site" framing is the key CMS compliance point.
Incident-to vs. Independent NP Billing
Incident-to (under MD NPI): 100% Medicare rate + 10% HPSA bonus on qualifying services. Requires MD to have previously seen the patient for the same condition and be immediately available. Independent NP billing: 85% of Medicare rate, no HPSA bonus. Spark Senior Health's model uses incident-to for E&M/AWV/TOC — confirm supervision structure with billing counsel before first claim.
Annual Wellness Visit (G0438/G0439 + G2211)
Initial AWV (G0438): requires Health Risk Assessment, cognitive assessment (MoCA), depression screening (PHQ-9), fall risk screening (STEADI), functional ability + safety. G0439 (subsequent): HRA update + care plan review. Both establish CMS attribution. AWV is the primary CCM/APCM enrollment trigger — document 2+ chronic conditions qualifying the member for CCM/APCM enrollment in the AWV note.
Top OIG Audit Triggers — Rural Fixed-Clinic FFS Practice
2026 OIG Work Plan priorities · proactive mitigation is the defense
🔴 High Risk
CCM Volume vs. Panel Size
High CCM billing relative to patient volume triggers RAC review. Mitigation: document CCM eligibility (≥2 chronic conditions lasting ≥12 months) in every enrolled patient's chart before first CCM bill. Chronic Care IQ eligibility flag is the audit trail.
🔴 High Risk
CCM Time Documentation
The #1 CCM audit failure. EHR must produce a per-patient per-month time log. Generic notes are insufficient — activity-specific documentation required. Chronic Care IQ auto-logs coordinator activity: this is the primary audit defense.
🟡 Medium Risk
Telehealth Billing Ratio
If >60% of claims use telehealth codes, CMS flags for review. Spark Senior Health's model: in-clinic visits at the fixed location are the primary encounter type. Telehealth is the NP supervision modality, not the visit type. Clearly distinguish in billing documentation and POS codes.
🟡 Medium Risk
E&M Upcoding (99214/99215)
High frequency of 99214/99215 for a rural elderly panel triggers review. E&M level must be supported by medical decision complexity (MDM) documented in chart note. Quarterly internal E&M audit recommended. Commure Ambient AI coding suggestions should be validated, not automatically accepted.
🟡 Medium Risk
RPM Without Clinical Review
Billing 99457 without documented staff review of physiologic data is fraudulent. Tenovi dashboard provides timestamped review logs — export monthly as audit support. Care coordinator RPM monitoring time must be documented in EHR alongside device data.
Stage 4 · Legal, Compliance & Structure · Section 4.5
Shareholder Documents — Investor Rights & Governance
The investor rights package and shareholder agreement are the legal backbone of the seed round. These documents define what investors receive, how decisions get made, and how equity is protected through future financing events.
§ 4.5NVCA Model Documents
YC Standard SAFE / Conv. Note
Securities Attorney Required
Investor Rights Package — Seed Stage
Rights granted to seed investors at signing · minimal by design · expands at Series A
Information Rights
📊
Quarterly Financial Reporting
Unaudited P&L, balance sheet, and cash position each quarter-end. Includes portfolio member count, clinic-level EBITDA, and cash runway. Standard for seed-stage SAFE holders.
📋
Annual Audited Financials
Full GAAP audit required at Series A. At seed stage, annual unaudited financials are acceptable — triggers upgrade to audited at the first institutional priced round. Audit firm selected by board.
📁
Material Event Notification
Investors notified of material developments: key executive departures, CMS audit initiation, regulatory actions, litigation above $50K threshold, or any event reasonably likely to affect the business.
Governance Rights
👁️
Board Observer Right — Lead Investor
Lead investor (largest check) receives non-voting board observer seat. Right to attend all board meetings, receive board materials, and ask questions — but no vote. Does not create liability exposure. Observer right terminates if investor's stake falls below 5%.
Pro-Rata Right at Series A
Each seed investor has the right (not obligation) to participate in Series A at their pro-rata ownership percentage. Prevents dilution without consent. Standard YC SAFE provision — investors can maintain their percentage through the first priced round.
Shareholder Agreement — Protective Provisions
Governs equity transfers, sale events, and founder protections · attorney-drafted required
Transfer Controls
🔒
Transfer Restrictions
No shareholder may transfer, sell, or assign equity without prior board approval. Prevents equity from reaching competitors, undisclosed third parties, or entities that could create CMS enrollment conflicts. Board has 30 days to approve or reject any proposed transfer.
🏦
Right of First Refusal (ROFR)
Before any shareholder sells their stake to a third party, the company and then existing shareholders have the right to purchase at the same price and terms. Prevents hostile or unwanted outside ownership. ROFR order: company first, then pro-rata among existing investors.
Sale Event Provisions
📌
Tag-Along Right
If founders sell their shares, investors have the right to "tag along" and sell their stake on the same terms and at the same price. Protects investors from being left behind if founders exit. Applies to any sale representing more than 10% of outstanding shares.
🔗
Drag-Along Right
If a supermajority of shareholders (typically 65–70%) vote to sell the company, they can compel all remaining shareholders to participate in the sale at the same price. Prevents a small minority from blocking a strategically approved exit. Required for any clean M&A process.
Founder Protections
Vesting Acceleration — Single Trigger
On a company acquisition or change of control, all unvested founder shares accelerate to fully vested immediately. Protects founders from being acquired mid-vest with unvested equity captured by the acquirer. Standard in healthcare exits — confirm with securities attorney before signing.
Stage 4 · Legal, Compliance & Structure · Section 4.6
Risk, Audit & Compliance Program — OIG 7-Element Framework
A formal compliance program is not optional — it is both a CMS expectation and an investor confidence signal. Spark Senior Health's program is built on the OIG 7-element framework. Compliancy Group manages BAAs and audit readiness at $400/month.
§ 4.6OIG Compliance Guidance
False Claims Act 31 U.S.C. § 3729
7-Element Framework
OIG 7-Element Compliance Program
Required structure for any Medicare-billing provider · investor signal of operational maturity
1
Written Policies & Procedures
Billing compliance manual: CCM/APCM documentation standards, RPM review protocol, E&M coding guidelines, HPSA modifier application, incident-to supervision rules, HIPAA privacy procedures. Updated annually. Stored in Notion SOP library.
Required pre-launch · Compliancy Group assists with HIPAA portion
2
Designated Compliance Officer
Responsible for oversight of compliance program. At launch: fractional compliance officer ($9,600/yr via MSO ops budget). Post-Series A: Compliance & Regulatory Officer hired full-time (Y2 MSO named role at $148,438 loaded). Reports directly to board, not billing staff.
3
Effective Training & Education
FWA (Fraud, Waste & Abuse) and HIPAA training required for all staff before any patient contact. Annual refresher. CCM/RPM-specific documentation training for clinical staff. Training completion logged in Rippling HR platform — OIG exclusion screening monthly for all staff.
FWA training before first patient encounter — non-negotiable
4
Open Lines of Communication
Anonymous reporting channel (hotline or web form). Non-retaliation policy in employee handbook. Staff must feel safe reporting documentation concerns without fear of job loss. Qui tam risk is real — an employee who sees upcoding and cannot safely report internally will report to OIG instead.
5
Internal Auditing & Monitoring
Quarterly chart review: minimum 10 CCM records + 10 E&M records per quarter. Monthly RPM data review audit. Results reported to compliance officer. Issues remediated within 30 days. EHR must support audit report generation — confirm with EHR vendor before PECOS enrollment.
EHR must support audit report export — confirm with vendor
6
Disciplinary Standards
Written policy: intentional upcoding = immediate termination. Unintentional documentation deficiencies = retraining + 30-day supervised review. Repeat errors = performance improvement plan. All disciplinary actions documented in Rippling HR platform.
7
Responding to Detected Problems
If audit finds systemic overbilling: voluntary self-disclosure to Novitas within 60 days, repayment plan, corrective action documented. Voluntary disclosure significantly reduces False Claims Act exposure. Document everything. Never ignore an anomalous billing pattern.
Audit Response Playbook
Three audit types · response timing is critical · never ignore
Prepayment Review
Claim held before payment
Submit supporting documentation within 45 days. Common for new CCM billers. Typically resolved within 60 days with correct documentation. Commure RCM flags these automatically.
RAC Audit (Post-Payment)
Retrospective claim review
45-day response window. Pull chart documentation. If valid: contest with appeal. If invalid: repay and self-report. Never ignore a RAC letter — non-response is deemed admission.
OIG Investigation
Systemic fraud allegation
Immediately retain healthcare defense attorney. Do not respond directly to OIG. Document all communications. Compliance program is primary defense — demonstrates good-faith.
Documentation Retention & Records
CMS minimum 7 years · GA state law 10 years · use the stricter standard
Clinical records (all encounters)10 years (GA O.C.G.A. § 31-33-2)
CCM/APCM time logs per patient7 years (CMS minimum)
RPM device data & review logs7 years (CMS minimum)
Nurse Protocol AgreementsDuration + 7 years
Billing records & claim submissions7 years (CMS minimum)
Compliance training completion logsDuration of employment + 5 years
Storage standardEncrypted · HIPAA-compliant cloud · offsite backup
False Claims Act — The Real Risk
The False Claims Act (31 U.S.C. § 3729) imposes treble damages + $27,000–$54,000 per false claim on providers who knowingly bill Medicare incorrectly. "Knowingly" includes deliberate ignorance — a documented compliance program is your evidence of good faith. Whistleblower (qui tam) provisions mean any employee can file an FCA suit and receive 15–30% of recovery. The anonymous reporting channel and non-retaliation policy are not just ethical — they are legally protective. An employee who sees a billing problem and can safely report it internally will not report it to the OIG.
Stage 4 · Legal, Compliance & Structure · Summary
Stage 4 Key Decisions & Open Items
Legal and compliance architecture fully established. Six sections covering entity structure, CMS enrollment, Georgia compliance, billing rules, investor rights & governance, and audit defense. Three open items require professional review before investor distribution.
Stage 4 Summary
6 sections complete
2
Entities required · MSO (Delaware) + Clinical Entity (Georgia)
FFS-PFS
Confirmed billing model · HPSA modifier QB/QU from Day 1
~Mo 3–4
First billable claim · after 60–90 day PECOS processing + EHR go-live
8:1
Max physician-to-NP supervision ratio · GA 2024 update (was 4:1)
7
OIG compliance elements · all required pre-launch · Compliancy Group assists
10 yr
Record retention · GA medical records law (stricter than CMS 7-year minimum)
Stage 4 Chapter Recap
Six sections · what was established
4.1MSO Structure — Delaware MSO (investor equity) + Georgia Clinical Entity (CMS provider number). MSA required at FMV — no % of Medicare billings. Physician in Clinical Entity: contract or employ MD, no MSO equity at launch. Anti-kickback safe harbor documentation required. Legal formation budget ~$39K.
4.2CMS Enrollment — FFS-PFS Confirmed. Straight Medicare FFS-PFS + HPSA modifier QB/QU from Day 1. No RHC at launch (deferred to Mo 18–24). PECOS 855B + 855I/R · CLIA Certificate of Waiver · file 90 days before first patient. Incident-to billing under MD NPI captures 100% rate + 10% HPSA bonus — confirm with billing counsel before first claim.
4.3GA Compliance — Restricted NP practice state (no independent NP authority). Nurse Protocol Agreement mandatory — must specify telehealth supervision clause for Doxy.me model. 2024 expansion: Schedule II prescribing + 8:1 supervision ratio. ADA compliance required before first patient. 13-item pre-launch checklist fully mapped.
4.4CMS/Medicare Rules — CCM documentation (care plan + consent + monthly time log) is the #1 audit risk. Chronic Care IQ auto-logs time — primary audit defense. APCM has no time threshold — billing advantage. RPM requires automatic device transmission + documented staff review. Top 5 OIG triggers mapped for rural fixed-clinic FFS practice.
4.5Investor Rights & Shareholder Agreement — Seed investor rights: quarterly reporting, material event notification, board observer (lead investor), pro-rata right at Series A. Shareholder agreement: transfer restrictions, ROFR, tag-along, drag-along (65%+ supermajority), single-trigger acceleration on acquisition.
4.6Compliance Program — OIG 7-element framework. FWA + HIPAA training before go-live. Fractional compliance officer at launch ($9.6K/yr); dedicated Y2 hire. Quarterly chart review (10 CCM + 10 E&M). Compliancy Group ($400/mo) manages HIPAA program. FCA treble damages risk mitigated by documented good-faith program.
Open Items — Require Legal Professionals
⚖️
Healthcare Attorney — Entity Formation & MSA
MSO/Clinical Entity formation, MSA fee terms and FMV opinion, anti-kickback Stark analysis on physician equity, Nurse Protocol Agreement language (especially telehealth supervision clause), and GA CON exemption confirmation for fixed-clinic primary care. Estimated: $15–25K for complete formation package. Non-negotiable before first investor or first patient.
🔒
Securities Attorney — SAFE or Convertible Note & Cap Table
Phase 1 SAFE or convertible note terms, valuation cap, discount rate, and MFN clause must be reviewed by a securities attorney before any investor documents are signed or funds received. Cap table percentages and ESOP size are illustrative — finalize in negotiation with founding investors, not in the investment book. Estimated: $5–10K for documentation.
🏥
Billing Counsel — HPSA Incident-to Structure
The HPSA 10% bonus and 100% rate require billing under the supervising physician NPI (incident-to). This billing structure must be confirmed with healthcare billing counsel before first claim submission — it is the highest-value billing assumption in the financial model. If the NP bills independently, both the HPSA bonus and the 15% rate premium are forfeited.
Next → Stage 5
Operations & Business Processes
HR management · hiring sequence · clinic operations · daily clinical workflow · community partnerships · visual deliverables