Federal and Texas State Policy for Healthcare Providers
If you have been practicing in Texas for a while, you already know that healthcare rules are anything but simple. I hear this almost every week from clients. Everyone tells me the same thing. They feel like they are trying to run a practice while an invisible cloud of regulations, statutes, board rules, and payer requirements hovers overhead. One wrong move and suddenly there is a letter from a licensing board or a payer asking questions no one wants to deal with.
Trust me, I get it. I have helped so many physicians, nurses, med spa owners, and other healthcare professionals across Texas sort through these issues. And every time someone walks into my office or calls me on a stressful day, the first thing they say is usually something like, I just need someone to explain this in a way that makes sense. That is exactly what I will do here. Think of this as a conversation between us. You, me, and the reality of what federal and Texas rules expect from healthcare providers who are just trying to do good work and stay compliant.
So let’s take this step by step. I am going to walk you through the entire regulatory landscape, using the same explanations I use with my clients. No stiff legal talk. No overly complicated jargon. Just clear, honest guidance from someone who has seen almost every compliance problem you can imagine.
Understanding the Regulatory Framework
Before we dive in, let me share something I often tell my clients. Healthcare law is not one big rulebook. It is more like several books sitting on top of each other. You have federal laws at the bottom. Then Texas statutes and board rules stacked on top. Then payer requirements. Then internal practice policies. Then industry standards. If even one layer is off, everything becomes unstable.
Once you understand how the layers fit together, everything becomes much easier to manage. So let’s look at the federal layer first, because it sets the foundation.
Key Federal Laws Affecting Texas Healthcare Providers
When someone calls me because they are opening a new practice or launching a med spa or setting up a telemedicine platform, we always talk about federal rules before anything else. These are the laws that apply to every provider in every state, no matter your specialty, setting, or patient base.
Here are the big ones and what they mean in real-world terms.
HIPAA and HITECH
You probably already know HIPAA deals with patient privacy. But what most people forget is that HIPAA is not just about telling staff not to gossip about patients. HIPAA covers administrative safeguards, physical safeguards, electronic records, breach notification requirements, and even how your website contact forms collect patient information.
I cannot tell you how many times I have had a client say, I thought we were fine because we used a standard EMR. And then we discover that someone emailed PHI through a personal email account or stored photos of patients on a personal device, or shared access credentials, or failed to encrypt telemedicine transmissions.
HITECH expanded HIPAA by adding requirements for electronic records and breach reporting. It also increased penalties. Even small practices and med spas get hit with these penalties when they do not expect it. A single lost laptop, a stolen phone, a misdirected fax. That is all it takes.
Stark Law
Stark Law deals with physician self-referral, meaning a physician cannot refer Medicare or Medicaid patients to an entity they have a financial relationship with unless a specific exception applies.
You would be shocked at how easy it is to trigger this rule. Sometimes it is as simple as referring someone to a diagnostic lab you partly own, or a spouse’s imaging center, or even renting space from an entity that bills for services. People do not usually mean to violate Stark. It tends to happen because providers assume something is allowed if it feels harmless.
And here is the tricky part. Stark is a strict liability law. That means your intentions do not matter. Even honest mistakes count.
Anti Kickback Statute
If you ever hear me talk about AKS with clients, you will hear me compare it to quicksand. You might think you are standing on safe ground, but if you take one small step in the wrong direction, you sink fast.
The Anti Kickback Statute makes it illegal to offer, receive, or even solicit anything of value if it is meant to influence referrals involving federal healthcare programs. We are not just talking about cash payments. It can be discounts, rent breaks, free services, marketing arrangements, shared profits, or even gifts.
Medical spas run into this a lot because they think cash pay services insulate them. But if they offer anything billable to Medicare or Medicaid on the side, they still fall under AKS.
False Claims Act
This is the law behind many of the huge healthcare settlements we see in national headlines. But here is the thing. The False Claims Act does not only target major hospital systems. It also applies to small clinics, solo practices, and anyone who submits claims to a government payer.
Billing errors. Poor documentation. Upcoding. Missing modifiers. Using the wrong NPIs. A coder misunderstanding new rules. Those are the kinds of mistakes that snowball into FCA exposure. I once helped a provider who faced scrutiny simply because their EMR system defaulted to a higher level of service than intended.
No one likes dealing with government audits, but catching problems early makes a world of difference.
FTC and FDA Enforcement
Anytime you advertise healthcare services, you enter the world of FTC scrutiny. This is especially true for med spas, wellness practices, weight loss clinics, hormone therapy providers, and anyone offering cosmetic or aesthetic services.
If you use before and after photos, claim your treatment does something medical, describe your staff in a certain way, or reference a device the wrong way, the FTC may step in.
The FDA regulates medical devices, drugs, lasers, and even some wellness equipment. I have seen several cases where a med spa purchased a device online without realizing it required physician oversight under FDA rules.
DEA Compliance
If you prescribe controlled substances, the DEA expects extremely precise recordkeeping. They care about everything. Storage. Logs. Security. Prescription patterns. Refill histories. Even how you track expired drugs.
Even one missing entry in a controlled substance log can lead to a full audit. And once the DEA opens a file on your practice, they tend to look at everything.
Texas State Requirements for Healthcare Providers
Now let us move to the Texas layer. Texans love doing things our own way, and our healthcare regulations reflect that. Providers here face rules that many other states do not have at all.
Here are the major Texas laws and rules you absolutely need to understand.
Texas Occupations Code
The Occupations Code defines who can do what in a medical setting. It lays out scope of practice for physicians, PAs, APRNs, RNs, NPs, and other licensed professionals.
It also explains delegation. Supervision. Collaborative agreements. Prescriptive authority. Protocols. And let me tell you, Texas takes these concepts seriously. I cannot count how many times a med spa has gotten into trouble for improperly delegating laser treatments or injectables.
Texas Medical Board and Texas Board of Nursing Rules
The boards regulate things such as:
- how telemedicine must be delivered
- required protocols
- documentation standards
- facility expectations
- standing delegation orders
- disciplinary procedures
If someone files a complaint, these rules become very real very fast. Even if you did nothing intentionally wrong, the board process can be emotionally exhausting.
Texas Health and Safety Code
This code covers:
- medical records
- consent
- infection control
- aesthetic and laser device regulations
- public health reporting
Aesthetic device rules often surprise people. Many assume lasers and similar devices are just equipment. But Texas treats them as medical devices, which means rules apply even if you operate a cash pay med spa.
Texas Medicaid Policy
Anyone who accepts Medicaid must comply with detailed rules for billing, credentialing, documentation, and fraud prevention. Medicaid audits are known for being thorough. They often pull years of records at once.
Corporate Practice of Medicine Rules
This is the big one for med spas and aesthetic practices.
Texas does not allow non physicians to own or control medical practices or exercise control over medical judgment. That means many common business structures you see online are not allowed here.
If you operate a med spa, concierge practice, lifestyle clinic, wellness center, or weight loss clinic, you must follow CPOM requirements. Many owners think they are compliant because they used an MSO model they found online. Then they come to me after learning that their structure violated Texas law and may have exposed their practice to investigation.
Good news is that these structures can often be fixed, but the sooner the better.
Common Compliance Risks for Texas Healthcare Providers
Over the years, I have seen the same problems come up again and again. These are the issues that trigger investigations or audits most often.
- improper delegation
- lack of supervision in telehealth or aesthetic settings
- incomplete consent forms
- privacy mistakes
- providers using titles they are not allowed to use
- ownership structures that violate CPOM
- fee splitting
- referral arrangements that cross Stark or AKS lines
- sloppy documentation
- billing errors
- poor recordkeeping
- mishandling of patient photos
- improper website claims
The frustrating part is that most of these problems are preventable. You just need the right compliance guardrails in place.
Frequently Asked Questions
Q. Do federal rules apply to every Texas healthcare provider?
A. Yes. Federal laws such as HIPAA, HITECH, Stark, AKS, and the False Claims Act apply no matter your specialty, facility type, or ownership structure. Texas rules sit on top of the federal layer, but the federal foundation always applies.
Q. Does HIPAA apply to medical spas and cash-pay settings?
A. Absolutely. If your business handles PHI in any way—forms, photos, messages, EMRs, portals, or intake systems—you must follow HIPAA. Cash-pay models do not remove privacy duties.
Q. What is the most common federal issue providers face?
A. Privacy mistakes and billing errors. Things like unsecured devices, shared logins, missing modifiers, or poorly configured EMRs cause many avoidable problems.
Q. How strict are Stark Law and the Anti Kickback Statute?
A. Very. Stark is a strict liability, meaning intent does not matter. AKS applies to anything of value tied to referrals involving federal healthcare programs. Even small arrangements can trigger concerns.
Q. What Texas rules surprise providers the most?
A. Aesthetic device rules, delegation limits, and CPOM restrictions. Many med spas and wellness clinics do not realize that lasers, injectables, and similar procedures are treated as medical services under Texas law.
Q. Who enforces complaints against providers in Texas?
A. Mainly the Texas Medical Board, Texas Board of Nursing, and Texas Health and Human Services. Once a complaint is filed, these agencies review records, protocols, supervision, and documentation.
Q. What are common mistakes that trigger Texas investigations?
A. Improper delegation, weak supervision, incomplete consent forms, improper titles, privacy lapses, sloppy documentation, fee-splitting arrangements, and advertising language that overreaches.
Q. Do telemedicine rules differ in Texas?
A. Yes. Texas has its own requirements for protocols, supervision, assignments, and documentation. These rules apply to both established practices and new virtual clinics.
Q. What should a provider do if they receive a board letter or audit notice?
Do not respond alone. These agencies often request large amounts of information. A well-planned response protects your license and prevents unnecessary issues.
Q. When should a provider ask for legal help?
A. Anytime you face a new business model, partnership, employment deal, device purchase, delegation question, advertising change, or ownership structure shift. Early review prevents avoidable problems.
How Brewster Law Firm Supports Healthcare Providers
When someone comes to us, we do not hand them a generic checklist. We create a plan that fits their setting and their goals.
Some of the services we provide include:
- regulatory compliance audits
- HIPAA and privacy program setup
- MSO and CPOM safe structuring
- contract and compensation reviews
- reviewing staff titles and advertising language
- updating websites for compliance
- telemedicine policy alignment
- responses to board complaints
- new practice formation
- credentialing support
- ongoing compliance monitoring
Many clients tell me they simply want to practice medicine without constantly worrying that they missed a rule somewhere. That is what we help them do.
Protect Your Practice With Reliable Healthcare Counsel
Compliance does not have to feel overwhelming. Once you understand the rules and have the right systems in place, everything becomes much more manageable. You deserve to run your practice confidently, knowing your license, your revenue, and your reputation are protected.
If you ever feel unsure about a regulation or want a second set of eyes on your structure, policies, or advertising, reach out. My team and I at the Brewster Law Firm are here to help you navigate the complex world of federal and Texas healthcare law with clarity and confidence.