Proven Strategies
For Professionals

Who owns the digital patient list? Resolving telehealth partnership disputes

On Behalf of | Jun 18, 2026 | Business Law |

The partnership ends on a weekday afternoon. Within hours, the tech company changes the portal password… and suddenly, a medical practice cannot access years of patient records. What looks like a business dispute is actually a federal compliance emergency.

The rapid expansion of digital health infrastructure has reshaped medical care across the DMV area. In Washington D.C., Maryland, and Virginia, telehealth joint ventures frequently pair clinical practitioners with specialized tech companies — the tech partner manages the software and handles patient acquisition, while the medical partner delivers licensed clinical care.

When these partnerships dissolve, the digital patient list almost always becomes the central point of conflict. Tech vendors often view the database as proprietary intellectual property built through their marketing budgets. Physicians view it as a protected repository of their patients’ medical information. Resolving this dispute requires navigating a complex overlap of federal privacy law and state medical regulations.

Two legal frameworks that govern the patient list

Trying to divide or seize control of a digital patient list using standard commercial contract law is a dangerous approach. Two primary legal frameworks dictate how this asset must be handled:

  • HIPAA and information blocking rules: In most telehealth partnerships, the tech platform qualifies as a Business Associate and the medical entity is the Covered Entity under HIPAA. This means the clinical group holds ultimate legal custody over all Protected Health Information (PHI). If a tech vendor locks a medical group out of its own patient portal during a dispute, it risks violating federal Information Blocking Rules enforced by the Office of the National Coordinator for Health Information Technology (ONC) under the 21st Century Cures Act.
  • The Corporate Practice of Medicine (CPOM) doctrine: Washington D.C., Maryland, and Virginia each enforce their own version of the CPOM doctrine, which holds that non-physicians and non-physician-owned corporations cannot control medical decision-making or effectively own a medical practice. A tech company that exercises controlling authority over a patient database may cross into CPOM territory — potentially rendering the underlying contract unenforceable as a matter of public policy.

Understanding which framework applies (and how they interact) is essential before taking any legal action in a partnership dispute.

Strategic steps to resolve a dispute

If a telehealth partnership breaks down, your legal team must act quickly and carefully:

  • Secure the patient records: Virginia law requires medical records to be preserved for a minimum of six years from the date of the last patient encounter. If a tech vendor threatens to delete or withhold the database, they may face significant liability under state records retention mandates. Maryland and D.C. maintain their own retention requirements as well, all of which apply regardless of any private contractual dispute.
  • Pursue emergency injunctive relief: If a partner cuts off access to the patient database, your attorney can petition a court for emergency injunctive relief, framing the data lockout as a direct threat to continuity of patient care,  a compelling argument that goes well beyond a standard contract dispute.

Taking swift legal action at the first sign of a dispute is the most effective way to protect your patients, preserve your clinical standing, and prevent a business conflict from becoming a federal compliance crisis.