Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

casemark/cpom-compliance

Name: cpom-compliance
Author: casemark

skills/legal/cpom-compliance/SKILL.md

npx skillsauth add casemark/skills cpom-compliance

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Corporate Practice of Medicine Compliance

Drafts a regulatory compliance framework ensuring lawful separation of corporate ownership from medical practice under CPOM doctrine.

Prerequisites

Gather before drafting:

Entity details — structure, state(s) of operation, healthcare sectors (medical, dental, optometry, telemedicine, PT)
Existing agreements — MSA/MSO arrangements, physician employment contracts, governance documents
Jurisdictional scope — all states where entity operates or plans to expand
Business model — revenue structure, physician compensation methodology, admin service arrangements

Document Structure

1. Introduction & Scope

Define CPOM doctrine and application to the entity
State jurisdictions covered
Identify violation consequences: license revocation, contract voidability, criminal prosecution, civil fines

2. State-Specific CPOM Analysis

Produce a jurisdictional matrix covering: state, prohibition level (strict/moderate/permissive), key statute, exemptions, enforcement pattern.

Limit to entity's actual operational footprint — no generic 50-state surveys unless requested
Note sector-specific variations (telemedicine, dental, optometry, PT face different scrutiny)
Flag recent legislative changes
Mark uncertain citations with [VERIFY]

3. Compliant Organizational Structures

Compare models:

| Structure | Physician Control | Risk | Best For | |-----------|------------------|------|----------| | PC/PA | Full ownership + governance | Low | Single-state practices | | MSO + PC | PC controls all clinical decisions | Low-Med | Multi-state platforms | | Friendly PC | Nominal — high regulatory scrutiny | High | Avoid unless carefully structured | | PPM | Shared governance | Medium | Large physician groups |

For each: governance requirements, operational boundaries, de facto control scrutiny factors, selection criteria.

Friendly PC warning: Never present as low-risk. Always flag for heightened scrutiny.

4. Management Services Agreement (MSA) Architecture

MSO-permissible: billing, collections, revenue cycle, non-physician HR, facility management, IT, marketing, financial reporting.

Reserved to physician entity (non-delegable):

Clinical decision-making and patient care protocols
Physician hiring, credentialing, supervision, termination
Fee-setting for medical services
Patient acceptance, treatment, referral, discharge
Quality standards and peer review

Required MSA provisions: FMV compensation (no clinical-outcome incentives), physician exit rights, physician final authority on clinical matters, mutual CPOM compliance obligations, FMV documentation defensible under AKS/Stark, independent audit rights.

5. Operational Compliance Checklist

Cover these control points with responsible party and frequency:

Physician hiring/credentialing — PC makes all final decisions
Clinical protocols — developed by physicians without MSO interference
Fee setting — PC independently determines charges
Patient care decisions — no MSO influence on acceptance, treatment, referral, discharge
Marketing — accurately represents physician-owned nature of practice
Board minutes — separate PC and MSO minutes documenting independent decision-making
Approval workflows — clear audit trail showing physician authority

6. Training, Monitoring & Enforcement

Training: physicians, admin staff, executives — governance responsibilities, authority boundaries, legal risks (onboarding + annual)
Monitoring: quarterly MSA audits, annual decision-making review, annual FMV assessment, anonymous reporting channel (whistleblower-protected)
Enforcement escalation: corrective action plan → structural modification → relationship termination

7. Risk Assessment & Mitigation

Address: regulatory penalties, contract voidability, qui tam/FCA exposure, reputational harm, discovery of violations.

Include self-disclosure decision framework: weigh severity, duration, patient harm, cooperation credit, jurisdiction-specific voluntary disclosure programs.

8. Conclusion & Authorization

Reaffirm ongoing compliance obligation with annual review
Review triggers: operational changes, new jurisdictions, legislative updates, enforcement actions
Signature blocks: business entity rep, physician entity leadership, legal counsel, effective date + next review

Critical Checks

All citations must be verified for current validity; mark uncertain with [VERIFY]
Address federal overlay (AKS, Stark Law, OIG guidance) alongside state CPOM — never analyze CPOM in isolation
Friendly PC arrangements always flagged for heightened scrutiny
Structure document for dual audience: legal/regulatory reviewers and operational implementers
Reference OIG compliance program guidance and MGMA best practices where applicable

casemark/cpom-compliance

skills/legal/cpom-compliance/SKILL.md

Drafts Corporate Practice of Medicine (CPOM) compliance structure documents for healthcare entities. Covers compliant organizational models (PC/PA, MSO, friendly PC), MSA architecture, operational compliance checklists, and state-specific regulatory analysis. Use when structuring healthcare operations, reviewing CPOM compliance, drafting MSO/MSA arrangements, or advising on physician practice ownership in CPOM-restricted jurisdictions.

21 stars

testing

Updated May 27, 2026

$ install --global

skillsauth

npx skillsauth add casemark/skills cpom-compliance

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: May 27, 2026, 3:42 AM155.9s1 file scanned

SKILL.md

name:: cpom-compliance
language:: en
description:: Drafts Corporate Practice of Medicine (CPOM) compliance structure documents for healthcare entities. Covers compliant organizational models (PC/PA, MSO, friendly PC), MSA architecture, operational compliance checklists, and state-specific regulatory analysis. Use when structuring healthcare operations, reviewing CPOM compliance, drafting MSO/MSA arrangements, or advising on physician practice ownership in CPOM-restricted jurisdictions.

Corporate Practice of Medicine Compliance

Drafts a regulatory compliance framework ensuring lawful separation of corporate ownership from medical practice under CPOM doctrine.

Prerequisites

Gather before drafting:

Entity details — structure, state(s) of operation, healthcare sectors (medical, dental, optometry, telemedicine, PT)
Existing agreements — MSA/MSO arrangements, physician employment contracts, governance documents
Jurisdictional scope — all states where entity operates or plans to expand
Business model — revenue structure, physician compensation methodology, admin service arrangements

Document Structure

1. Introduction & Scope

Define CPOM doctrine and application to the entity
State jurisdictions covered
Identify violation consequences: license revocation, contract voidability, criminal prosecution, civil fines

2. State-Specific CPOM Analysis

Produce a jurisdictional matrix covering: state, prohibition level (strict/moderate/permissive), key statute, exemptions, enforcement pattern.

Limit to entity's actual operational footprint — no generic 50-state surveys unless requested
Note sector-specific variations (telemedicine, dental, optometry, PT face different scrutiny)
Flag recent legislative changes
Mark uncertain citations with [VERIFY]

3. Compliant Organizational Structures

Compare models:

For each: governance requirements, operational boundaries, de facto control scrutiny factors, selection criteria.

Friendly PC warning: Never present as low-risk. Always flag for heightened scrutiny.

4. Management Services Agreement (MSA) Architecture

MSO-permissible: billing, collections, revenue cycle, non-physician HR, facility management, IT, marketing, financial reporting.

Reserved to physician entity (non-delegable):

Clinical decision-making and patient care protocols
Physician hiring, credentialing, supervision, termination
Fee-setting for medical services
Patient acceptance, treatment, referral, discharge
Quality standards and peer review

5. Operational Compliance Checklist

Cover these control points with responsible party and frequency:

Physician hiring/credentialing — PC makes all final decisions
Clinical protocols — developed by physicians without MSO interference
Fee setting — PC independently determines charges
Patient care decisions — no MSO influence on acceptance, treatment, referral, discharge
Marketing — accurately represents physician-owned nature of practice
Board minutes — separate PC and MSO minutes documenting independent decision-making
Approval workflows — clear audit trail showing physician authority

6. Training, Monitoring & Enforcement

Training: physicians, admin staff, executives — governance responsibilities, authority boundaries, legal risks (onboarding + annual)
Monitoring: quarterly MSA audits, annual decision-making review, annual FMV assessment, anonymous reporting channel (whistleblower-protected)
Enforcement escalation: corrective action plan → structural modification → relationship termination

7. Risk Assessment & Mitigation

Address: regulatory penalties, contract voidability, qui tam/FCA exposure, reputational harm, discovery of violations.

Include self-disclosure decision framework: weigh severity, duration, patient harm, cooperation credit, jurisdiction-specific voluntary disclosure programs.

8. Conclusion & Authorization

Reaffirm ongoing compliance obligation with annual review
Review triggers: operational changes, new jurisdictions, legislative updates, enforcement actions
Signature blocks: business entity rep, physician entity leadership, legal counsel, effective date + next review

Critical Checks

All citations must be verified for current validity; mark uncertain with [VERIFY]
Address federal overlay (AKS, Stark Law, OIG guidance) alongside state CPOM — never analyze CPOM in isolation
Friendly PC arrangements always flagged for heightened scrutiny
Structure document for dual audience: legal/regulatory reviewers and operational implementers
Reference OIG compliance program guidance and MGMA best practices where applicable

Related Skills

casemark/skills/legal/automated-contract-summary

development

VerifiedTrustedCommunity

name: automated-contract-summary language: en description: Generates structured executive summaries of contracts using ML — captures key terms, party obligations, risk allocations, and compliance requirements in a standardized format. Optimized for high-volume review where speed and consistency matter. tags: - summarization - agreement - corporate --- # Automated Contract Summarization Produces standardized executive summaries of contracts using machine learning, capturing essential term

21SKILL.mdUpdated May 26, 2026

casemark/skills/legal/automated-contract-summary

casemark/obligation-mapping

tools

VerifiedTrustedCommunity

Extracts regulatory obligations from dense regulations across jurisdictions. Breaks down multi-level regulations into clear article-level obligations, classifies applicability to a business, and prioritizes by risk level. Use when translating regulations into actionable compliance requirements.

21SKILL.mdUpdated May 25, 2026

casemark/obligation-mapping

casemark/horizon-scanning

development

VerifiedTrustedCommunity

Continuously monitors regulatory landscapes for changes relevant to a specific business. Ingests global regulatory updates, filters by relevance, summarizes impact, and produces an actionable change advisory. Use when tracking regulatory developments affecting a particular product or market.

21SKILL.mdUpdated May 25, 2026

casemark/horizon-scanning

casemark/gap-analysis

testing

VerifiedTrustedCommunity

Compares an organization's existing compliance controls, policies, and procedures against extracted regulatory obligations to identify coverage gaps. Produces a remediation plan with prioritized actions. Use when assessing compliance maturity or preparing for regulatory audits.

21SKILL.mdUpdated May 25, 2026

casemark/gap-analysis

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/casemark/skills.git

# Copy into Claude Code skills folder (global)
cp -r skills/skills/legal/cpom-compliance ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

casemark/skills

21 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT