Skip to main content
Program · Quarterly compliance attestationsTwo attestations · One cadence

The quarterly attestation
that keeps a clinic defensible.

A written, on-the-record review — every quarter, every location, every provider — that confirms the operation still matches what its contracts, protocols, and state rules require. If a state board, malpractice carrier, or diligence team asks, this is the paper trail.

Attestation 1 · Location

Location attestation — 7 operational domains.

Completed by each location's owner of record. Every line answered YES, NO, or N/A — every NO explained. Citations are for education, not legal advice.

Section 1

Entity Structure & Corporate Compliance

Regulatory basis: State corporate practice of medicine doctrine; PC/MSO and fee-splitting statutes.

  • Approved PC/MSO structure with no unreported physician-ownership change
  • Executed, current MSA on file with fair-market-value management fees
  • Clinical decisions, hiring, and medical record controlled by the licensed practice

Section 2

Clinical Leadership & Oversight

Regulatory basis: State medical and nursing practice acts; supervision, delegation, and provider-patient relationship rules.

  • Named Medical Director met with the clinical team this quarter
  • Medical Director reviewed and approved current clinical protocols
  • Standing orders, supervision, delegation, and CPAs current and on file
  • Provider-patient relationship established before treatment or prescribing, including telehealth

Section 3

Clinical Protocols & Standard of Care

Regulatory basis: Applicable standard of care; scope-of-practice law; adverse-event reporting.

  • Operating under current approved clinical protocols
  • No unauthorized, location-authored, or 'custom' protocols in use
  • Emergency and adverse-reaction procedures in place with staff trained
  • All adverse events, complications, and incidents documented and reported

Section 4

Staffing, Licensure & Scope of Practice

Regulatory basis: State licensing boards; scope, supervision, and collaborative-practice requirements; malpractice.

  • Active, unrestricted licenses and current CE for all clinical staff
  • All staff operating within authorized scope
  • Current CPAs where applicable; supervision/delegation ratios met
  • Active malpractice coverage meeting requirements

Section 5

Patient Consent & Documentation

Regulatory basis: Informed-consent doctrine; state medical record content and retention rules.

  • Treatment-specific informed consent obtained and documented
  • Complete patient records: consent, history, evaluation, treatment notes
  • Secure storage and retention per policy and applicable law

Section 6

Privacy & Security (HIPAA / State)

Regulatory basis: HIPAA 45 C.F.R. Parts 160 & 164; state privacy laws such as California CMIA.

  • Current privacy/security policies and required training completed
  • Administrative, physical, and technical safeguards in place across EHR and telehealth
  • Executed BAAs with vendors touching PHI
  • Any suspected breach identified, mitigated, and reported within timelines

Section 7

Medications & Supplies

Regulatory basis: State pharmacy boards; Controlled Substances Act, 21 U.S.C. 801 et seq.; USP <797>/<800>; FDCA §503A/503B.

  • Sourced from licensed, approved vendors and pharmacies
  • Storage, handling, inventory, cold chain per standards
  • Controlled substances secured, logged, and prescribed per DEA and state PDMP

Attestation 2 · Provider

Individual provider attestation — 5 personal confirmations.

Completed each quarter by every clinical provider. Personal accountability for licensure, protocol adherence, Medical Director engagement, safety, and conduct.

Section 1

Licensure & Credentialing

  • Current, active, unrestricted license in every state of practice
  • No pending discipline, investigation, restriction, charge, or sanction
  • Current certifications (BLS/ACLS, DEA where applicable), CE, and malpractice coverage
  • Practice notified of any change to license status, name, sanctions, or contact

Section 2

Clinical Practice & Standard of Care

  • Reviewed current protocols this quarter and followed them for every patient
  • No custom or self-authored protocols created or used
  • Provider-patient relationship established before treatment or prescribing, including telehealth
  • Practiced within authorized scope; adequately trained for every procedure performed

Section 3

Medical Director / Supervision Engagement

  • Knows who the supervising/collaborating Medical Director is and how to reach them
  • Communicated with Medical Director as often as required this quarter
  • Medical Director available for consultation and case escalation
  • Escalated clinical questions or concerns when appropriate

Section 4

Patient Safety, Consent & Documentation

  • Treatment-specific informed consent obtained and documented before each service
  • Every encounter documented completely and contemporaneously
  • All adverse events, complications, and incidents documented and reported
  • Medications and controlled substances handled per DEA and state law

Section 5

Privacy, Conduct & Operations

  • HIPAA and state privacy rules followed across EHR, messaging, and telehealth
  • Professional and appropriate conduct with patients and staff
  • Complaints, concerns, or unsafe conditions escalated per policy

How the cycle runs

Five steps, every quarter.

  1. Step 1

    Distribute the two attestations

    Send the Location Attestation to each site's leadership and the Individual Provider Attestation to every clinician at the start of the quarter.

  2. Step 2

    Complete every line

    Answer YES, NO, or N/A on every item. Every NO requires a written explanation in the section's notes box.

  3. Step 3

    Sign and submit

    Owner of record signs the Location Attestation; each provider signs their own. Submit via secure upload.

  4. Step 4

    Review and open corrective actions

    Compliance lead reviews within 10 business days, opens corrective-action items with owners and due dates, and issues a findings memo.

  5. Step 5

    Close the loop next quarter

    Prior-quarter corrective actions are re-verified in the next attestation cycle before new items are accepted.

FAQ

Questions clinic owners ask about the program.

What is a quarterly compliance attestation program?

+

A quarterly compliance attestation program is a documented, cadenced self-review process where each clinic location and every clinical provider confirms — in writing, on the record — that the operation is still running the way its contracts, protocols, and state rules require. Camino's program has two parts: a Location Attestation completed by leadership and an Individual Provider Attestation completed by every clinician.

Why quarterly and not annual?

+

Regulators, malpractice carriers, and diligence teams look for a rhythm — evidence that oversight is continuous, not a one-time binder. Quarterly cadence surfaces license lapses, protocol drift, missed Medical Director engagement, and adverse-event patterns while they're still cheap to fix, and it produces a defensible paper trail across a rolling 12 months.

What does the Location Attestation cover?

+

Seven areas: (1) Entity Structure & Corporate Compliance, (2) Clinical Leadership & Oversight, (3) Clinical Protocols & Standard of Care, (4) Staffing, Licensure & Scope of Practice, (5) Patient Consent & Documentation, (6) Privacy & Security (HIPAA / state), and (7) Medications & Supplies including controlled-substance handling.

What does the Individual Provider Attestation cover?

+

Five areas each clinician confirms personally: (1) Licensure & Credentialing, (2) Clinical Practice & Standard of Care, (3) Medical Director / Supervision Engagement, (4) Patient Safety, Consent & Documentation, and (5) Privacy, Conduct & Operations.

Who reviews the attestations after they're submitted?

+

Camino reviews each quarter's submissions, tracks 'No' answers and 'N/A' items, opens corrective-action items with owners and due dates, and produces a short findings memo. The point is to be the friendly reviewer — before a state board, payment processor, biller, or plaintiff attorney becomes the not-so-friendly one.

Are these attestations legal advice?

+

No. The programs and their citations (state medical/nursing practice acts, HIPAA 45 C.F.R. Parts 160 & 164, Controlled Substances Act 21 U.S.C. 801 et seq., USP <797>/<800>, FDCA §503A/503B, state privacy laws such as California CMIA) are educational only. Specific requirements vary by state, specialty, and practice model — confirm with counsel.

How does this relate to CPOM and PC/MSO structures?

+

The Location Attestation's first section directly tests whether the PC/MSO structure required by the state's Corporate Practice of Medicine doctrine is still intact — no unreported ownership changes, MSA on file, fair-market-value management fees, and clinical control resting with the licensed practice.

Related: Our compliance philosophy · CPOM by state · Board submission by state

Run your first quarterly attestation with us.

We'll issue the location and provider attestations, review the results, and open the corrective actions — so the next set of eyes on your operation is ours, not a regulator's.